Skip to content

Security: Sparvovic/codex-flightdeck

Security

SECURITY.md

Security policy

Reporting a vulnerability

Do not open a public issue for a vulnerability that could expose credentials, local files, or connected services. Use GitHub's private vulnerability reporting or security advisory flow for this repository.

Include the affected file, impact, reproduction steps, and a proposed mitigation when possible.

Scope

This repository contains instructions and templates. Its main risks are unsafe permission defaults, credential leakage, prompt injection through connected systems, overly broad MCP tools, destructive automation, and guidance that enables unreviewed external writes.

Never include real secrets in examples or diagnostic output. Treat copied templates as code: review them before applying and test high-autonomy settings only in trusted or isolated environments.

There aren't any published security advisories