If you discover a security vulnerability in LIOTHIL, please report it responsibly.
Email: security@promptcrafted.com
Do NOT:
- Open a public GitHub issue for security vulnerabilities
- Post details in Discussions or social media before coordinated disclosure
Do:
- Email us with a description of the vulnerability
- Include steps to reproduce if possible
- Allow up to 72 hours for initial response
We will acknowledge receipt within 72 hours and work with you on coordinated disclosure. We will credit reporters in the fix announcement (unless you prefer anonymity).
This policy covers the LIOTHIL scaffold builder and all files in this repository. Environments generated by LIOTHIL are the responsibility of their owners.
LIOTHIL is a prompt-based scaffold builder. It generates configuration files for Claude Code. It does not:
- Handle authentication or user credentials
- Connect to external services or APIs
- Process or store sensitive data
- Execute code beyond what Claude Code's permission system allows
The primary security concern is accidental secret exposure when users commit generated environments to their own repositories. LIOTHIL's generated .gitignore is designed to prevent this, and we recommend users install a pre-commit secret scanner (see README).
| Version | Supported |
|---|---|
| Latest | Yes |

We strongly recommend all users install gitleaks as a pre-commit hook:

```bash
# Install gitleaks (macOS)
brew install gitleaks
# Install gitleaks (Linux/Windows via Go)
go install github.com/zricethezav/gitleaks/v8@latest
# Add to your project's .pre-commit-config.yaml
# See .pre-commit-config.yaml in this repo for configuration
```

This catches secrets before they ever enter git history. Prevention is always easier than remediation.