open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/SECURITY.md
Kjell Tore Guttormsen 96d4d3ee45 chore: fix metadata gaps and add root CLAUDE.md 
- llm-security SECURITY.md: update supported versions 3.0.x → 5.1.x
- config-audit plugin.json: add license, repository, keywords
- Add root CLAUDE.md with repo structure and conventions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 13:10:22 +02:00

1.2 KiB
Raw Blame History

Security Policy

Supported Versions

Version Supported
5.1.x Yes
< 5.0 No

Reporting a Vulnerability

If you discover a security vulnerability in this plugin, please report it responsibly.

Do NOT open a public issue. Instead:

  1. Email: security@fromaitochitta.com
  2. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Affected component (scanner, hook, agent, etc.)
    • Potential impact

Response timeline:

  • Acknowledgment within 48 hours
  • Assessment within 7 days
  • Fix or mitigation within 30 days for confirmed vulnerabilities

Scope

This policy covers:

  • Hook scripts (hooks/scripts/*.mjs)
  • Deterministic scanners (scanners/*.mjs)
  • Scanner shared library (scanners/lib/*.mjs)
  • Agent definitions (agents/*.md)
  • Command definitions (commands/*.md)

Out of scope:

  • The malicious-skill-demo fixture (intentionally vulnerable for testing)
  • Knowledge base content (derived from published OWASP standards)
  • Template files (output formatting only)

Disclosure

Confirmed vulnerabilities will be disclosed after a fix is available, with credit to the reporter unless anonymity is requested.