Skip to content

Security: aph5nt/strategic-frameworks

Security

.github/SECURITY.md

Security Policy

Supported Versions

This repository contains Agent Skills for Claude AI. As this is primarily documentation and configuration (not executable code), security concerns are limited.

Version Supported
Latest

Reporting a Vulnerability

If you discover a security vulnerability within Strategic Frameworks, please follow these steps:

For Skills-Related Issues

If you find that a skill generates harmful instructions or inappropriate guidance:

  1. Do NOT open a public issue
  2. Contact: info@campus.ai
  3. Provide:
    • Which skill is affected
    • What trigger caused the issue
    • Example of the problematic output
    • Suggested fix (if any)

For Framework Content Issues

If you find framework content that is:

  • Harmful or inappropriate
  • Plagiarized or misattributed
  • Fundamentally incorrect or misleading
  • Promotes unethical practices

Please:

  1. Contact: info@campus.ai
  2. Provide:
    • Framework name and file
    • Specific content concern
    • Supporting evidence
    • Correction suggestions

For Repository Security

For traditional security issues (malicious code, compromised dependencies, etc.):

  1. Open a security advisory via GitHub's private reporting
  2. Or email: info@campus.ai
  3. Include:
    • Description of the issue
    • Steps to reproduce
    • Potential impact
    • Suggested remediation

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution: Varies by severity and complexity

Security Best Practices for Users

When using these skills:

  1. Review Generated Content: Always review and validate framework applications
  2. Sensitive Information: Don't share confidential data during workshops
  3. Manual Installation: When manually installing, verify file integrity
  4. Updates: Keep skills updated to the latest version
  5. Framework Sources: Verify framework information independently

Out of Scope

The following are not considered security issues:

  • Disagreement with framework methodology
  • Skills selecting "wrong" framework (subjective)
  • Dialogue style preferences
  • Output format preferences
  • Framework effectiveness debates

Attribution

Security researchers who responsibly disclose vulnerabilities will be:

  • Acknowledged in the fix commit (if desired)
  • Thanked in release notes
  • Listed in SECURITY.md (with permission)

Note: These skills operate within Claude's safety guidelines. Any concerning behavior should also be reported to Anthropic directly.

There aren't any published security advisories