Please do not report security vulnerabilities through public GitHub issues.
Instead, use one of these private channels:
- GitHub private vulnerability reporting (preferred): use the "Report a vulnerability" form on this repository's Security tab. The report is visible only to the maintainers until a fix is coordinated.
- Email: contact the maintainers at
contact@cuioss.dewith a description of the issue, reproduction steps, and the affected component (bundle / skill / script path if known).
You should receive an acknowledgement within a few business days. Please allow the maintainers a reasonable coordination window before any public disclosure.
Plan Marshall ships development standards, workflow skills, and Python automation scripts that run inside Claude Code sessions on developer machines. Reports are especially valuable for:
- Script execution paths — anything that lets a crafted repository,
configuration file, or script argument escape the documented execution
contract of
.plan/execute-script.pyor themanage-*script family. - Credential handling — leaks of provider credentials handled by the
workflow-integration-*provider scripts (the design goal is that credentials never enter the LLM context; seedoc/concepts/tools-and-scripts.adoc). - Untrusted-content containment — bypasses of the
untrusted-ingestionvalidation clamp or the read-only reader agent's containment described indoc/adr/003-Reader_isolation_as_a_tool-surface_lever.adoc. - Supply chain — integrity of the generated
target/*distributions and thedist-*release branches.
Findings in third-party dependencies are best reported upstream first; a note here is still welcome when Plan Marshall's usage amplifies the impact.
The threat model and security architecture are documented in
doc/concepts/security.adoc.