If you discover a security vulnerability in command-giffer, please do not open a public issue.
Instead:
- Email balgaly@gmail.com with a description of the vulnerability
- Include steps to reproduce if possible
- Allow reasonable time for a fix before any public disclosure

Response timeline:
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix: Depends on severity — critical issues are prioritized

This policy covers the command-giffer skill and its HTML/GIF generation code.

- No network access required
- No telemetry or data collection
- Operates entirely on local files

Security reports are taken seriously. Contributors who responsibly disclose vulnerabilities will be credited (unless they prefer to remain anonymous).