agent-docs is on 0.x. Only the latest minor version receives fixes.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1 | ❌ |
Please do not open a public issue for security-relevant problems.
Email k.kreuter@it-brb.de with:
- a short description of the issue,
- the affected file(s) or command(s),
- a minimal reproduction if possible.
You'll get an acknowledgement within 72 hours and a status update within 7 days.
agent-docs is a Claude Code skill. It:
- reads files in the repo where the user invokes it,
- writes Markdown files to
.agent-docs/in that repo, - shells out to
gitandpython3, - spawns Claude Code sub-agents (Explore type).
It does not:
- make outbound network requests on its own,
- read files outside the repo (beyond the skill's own directory under
~/.claude/skills/agent-docs/), - modify git state (no commits, no pushes, no branch ops),
- collect or transmit telemetry.
Areas worth scrutinizing in a report:
- Argument-injection paths into
gitorpython3(e.g. via crafted topic slugs). - Path-traversal in the topic-to-filename mapping.
- Unintended behavior when
.agent-docs/contains symlinks or non-Markdown files. - Anything that causes the skill to write outside
.agent-docs/.