chore(llm-security): v7.3.1 — stabilization patch for forkers and downstream users

No behavior changes. Sets the public stance, tightens documentation, and
removes coherence drift so anyone forking or downloading the plugin gets
a consistent starting point.

Added:
- CONTRIBUTING.md — public fork-and-own guide. Why PRs are not accepted,
  how to fork well, what is welcome via issues.
- README "Project scope" section — out-of-scope table naming what is
  fork-and-own territory (web dashboard, fleet policy, runtime firewall,
  IDE LSP, compliance pack, ticketing, multi-tenancy, ML detectors,
  marketplace UI, SSO/SCIM/RBAC) with commercial alternatives.
- package.json: bugs.url, CONTRIBUTING/SECURITY/CHANGELOG in files
  whitelist for npm publishing.

Changed:
- SECURITY.md rewritten. Supported-versions table from stale 5.1.x to
  current reality (7.3.x active, 7.0-7.2 best-effort, <7.0 EOL).
  Best-effort solo response timeline. Scope expanded to bin/.
- Scanner VERSION constants synced to plugin version. Was 6.0.0 in
  dashboard-aggregator and posture-scanner.
- package.json repository.url corrected from fromaitochitta/ to open/.
- README "Feedback & contributing" links to CONTRIBUTING.md.

Fixed:
- pre-compact-scan size-cap timing test ceiling raised 500ms -> 1000ms.
  Was a flake on Intel Mac and CI under load. Design target unchanged
  (<500ms, documented in CLAUDE.md).

Notes:
- First patch on the stabilization line (post-2026-05-01).
- Wave E attack-simulator scenarios deferred indefinitely; coverage
  remains at 72.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Kjell Tore Guttormsen 2026-05-01 06:14:03 +02:00
commit 62a9335772
12 changed files with 336 additions and 30 deletions

@ -1,15 +1,26 @@
# Security Policy
## Supported Versions
## Supported versions
| Version | Supported |
|---------|-----------|
| 5.1.x | Yes |
| < 5.0 | No |
This is a solo-maintained open-source project. "Supported" here means the
maintainer will look at security reports — not that there is an SLA, paid
support, or backporting policy. Forks are encouraged for organizations that
need stronger guarantees (see [`CONTRIBUTING.md`](CONTRIBUTING.md)).
## Reporting a Vulnerability
| Version | Status |
|---------------|------------------------------------------------|
| 7.3.x | **Active.** Bug + security fixes. Stabilization line. |
| 7.0.x 7.2.x | Best-effort security fixes only. Upgrade to 7.3.x recommended. |
| < 7.0 | End of life. No fixes. |
If you discover a security vulnerability in this plugin, please report it responsibly.
The project is in **stabilization mode** as of 2026-05-01. New features are
out of scope (see "Project scope" in [`README.md`](README.md)). Security and
correctness fixes continue.
## Reporting a vulnerability
If you discover a security vulnerability in this plugin, please report it
responsibly.
**Do NOT open a public issue.** Instead:
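Review bot: the new supported-versions row reads "| 7.0.x 7.2.x | Best-effort security fixes only. ..." with no separator between the two versions, so it is unclear whether this means the range 7.0 through 7.2 (as the commit message "7.0-7.2 best-effort" says) or only those two minor lines; write it as "| 7.0.x - 7.2.x |" to match the message and the "< 7.0" row. The same hunk drops the second copy of the "If you discover a security vulnerability..." sentence that the old file had under "Reporting a Vulnerability", which is fine, but the two "## Supported Versions" / "## Supported versions" heading lines show the old and new text side by side, so confirm only the lowercase variant survives in the file.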
@ -17,28 +28,43 @@ If you discover a security vulnerability in this plugin, please report it respon
2. Include:
- Description of the vulnerability
- Steps to reproduce
- Affected component (scanner, hook, agent, etc.)
- Affected component (scanner, hook, agent, command, knowledge file)
- Potential impact
- Whether you have a proof-of-concept (encrypted attachment is fine)
**Response timeline:**
- Acknowledgment within 48 hours
- Assessment within 7 days
- Fix or mitigation within 30 days for confirmed vulnerabilities
**Response timeline (best-effort, solo project):**
- Acknowledgment within 7 days
- Triage and severity classification within 14 days
- Fix or documented mitigation within 30 days for confirmed High/Critical findings; Medium and Low scheduled into the next regular release
If the report touches a vulnerability the project explicitly cannot defend
against (see "Defense philosophy" and "What this plugin does NOT cover" in
the README — e.g., adaptive ML-based prompt injection bypass), the response
will explain why it is out of scope rather than leaving the report open.
## Scope
This policy covers:
- Hook scripts (`hooks/scripts/*.mjs`)
- Deterministic scanners (`scanners/*.mjs`)
- Scanner shared library (`scanners/lib/*.mjs`)
- Agent definitions (`agents/*.md`)
- Command definitions (`commands/*.md`)
- CLI entry point (`bin/llm-security.mjs`)
Out of scope:
- The malicious-skill-demo fixture (intentionally vulnerable for testing)
- Knowledge base content (derived from published OWASP standards)
- Template files (output formatting only)
- The malicious-skill-demo fixture (`examples/malicious-skill-demo/`) — intentionally vulnerable for testing
- Knowledge base content (derived from published OWASP standards and cited research)
- Template files (output formatting only, not part of the security boundary)
- Forks under other names — please report there, not here
## Disclosure
Confirmed vulnerabilities will be disclosed after a fix is available, with credit to the reporter unless anonymity is requested.
Confirmed vulnerabilities will be disclosed in the CHANGELOG after a fix is
available, with credit to the reporter unless anonymity is requested.
For coordinated disclosure with downstream forks: include the maintainer
email above and the maintainer of the fork in the same thread.
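Review bot: the "Affected component" line now lists "knowledge file" as something a reporter may name, but the "Out of scope" list in the same hunk excludes "Knowledge base content (derived from published OWASP standards and cited research)"; a reporter cannot tell whether a problem in a knowledge file is reportable. Suggest stating that the plugin's handling of knowledge files is in scope while the cited third-party content itself is not, or removing "knowledge file" from the component list. The response timeline also promises fixes "for confirmed High/Critical findings" and schedules "Medium and Low" into the next release without saying which severity scale the triage uses; naming the scheme (for example the one the scanners already emit) would make the 14-day classification step checkable by the reporter. Minor: "include the maintainer email above" refers to an address in the elided lines 17-27 of the old file, so verify it still exists after this rewrite.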