Skip to content

Security: IcebergAI/skilldeck

SECURITY.md

Security Policy

Reporting a vulnerability

Please report security issues privately — not through public issues or pull requests.

Use GitHub's private vulnerability reporting (the Report a vulnerability button on the repository's Security tab). It opens a private channel between you and the maintainers.

When you report, include as much of the following as you can:

  • The version or commit affected.
  • A description of the issue and its impact.
  • Steps to reproduce, or a proof of concept.
  • Any suggested fix or mitigation, if you have one.

What to expect

  • We aim to acknowledge a report within 3 business days.
  • We'll confirm the issue, keep you updated as we work on a fix, and let you know when it ships.
  • With your permission, we're happy to credit you once the fix is public.

Please give us a reasonable window to release a fix before disclosing publicly. We're a small team and we'll move as fast as we can.

Supported versions

skilldeck is pre-1.0 and ships fixes against the latest release. Please make sure you're on the most recent version before reporting.

There aren't any published security advisories