This repository ships a coordinated set of assets:
- installable Codex skills under `skill/`
- blueprint payloads under `blueprints/`
- the installer contract in `install.sh`
Security fixes are only guaranteed for the current development branch and the most recent tagged release.
| Version | Supported |
|---|---|
| `main` | Yes |
| Latest tagged release | Yes |
| Older tags and commits | No |
If a security fix lands on main, older releases may remain unpatched until a newer tag is published.
Please do not open a public GitHub issue for suspected vulnerabilities.
Instead, report security issues privately by email to:
andreas@pardeike.net
Include as much of the following as you can:
- affected area of the repo such as `install.sh`, a blueprint helper, or a shipped skill asset
- a short description of the impact
- reproduction steps or a proof of concept
- the commit, tag, or branch you tested
- relevant environment details such as macOS, Xcode, visionOS, and Codex setup
Expected response process:
- acknowledgement within 5 business days
- follow-up after triage when the report is confirmed, declined, or needs more detail
- coordinated disclosure after a fix is available, when a fix is required
Reports involving credential exposure, unsafe installer behavior, shell injection, path traversal, or unintended access to user data should be treated as security issues.