The PMO Skills Repository is a knowledge and documentation repository containing Markdown files, structured PM frameworks, artifact definitions, and skill instructions. It does not contain application code, authentication systems, APIs, databases, or executable software in production use.
However, this repository may contain:
- Configuration references for tool integrations (MCP server, CI/CD pipelines)
- Access control model definitions
- Future MCP server tool schemas and endpoint definitions
| Version | Supported |
|---|---|
| 1.3.x (current) | ✅ Active |
| < 1.3.0 | ❌ No longer maintained |
Please report any of the following if discovered in this repository:
- Accidentally committed secrets, tokens, API keys, or credentials
- Sensitive personal information (PII) committed in any file
- Malicious content introduced via a pull request or commit
- Tool integration configurations that expose sensitive endpoints
- Any content in `reference/`, `shared/`, or skill files that could be exploited if used as AI agent instructions (prompt injection patterns, jailbreak attempts, etc.)
Do not open a public GitHub issue for security vulnerabilities.
Report security concerns through one of these channels:
- GitHub Private Vulnerability Reporting — use the “Report a vulnerability” button on the Security tab of this repository
- Direct contact — contact the repository maintainer directly via GitHub profile
Include in your report:
- File path(s) affected
- Description of the issue
- Potential impact
- Suggested remediation (if known)
| Action | Target Timeline |
|---|---|
| Acknowledge report | Within 48 hours |
| Initial assessment | Within 5 business days |
| Remediation (if confirmed) | Within 14 days for critical issues |
| Disclosure | Coordinated with reporter |
This repository has GitHub secret scanning enabled. Any accidentally committed credentials will be automatically flagged. If you receive a secret scanning alert:
- Immediately revoke the exposed credential at the source
- Remove the secret from git history using `git filter-repo` or BFG Repo Cleaner
- Force-push the cleaned history
- Notify the maintainer
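A check that the history rewrite in the steps above actually removed the credential, added here as an example and not part of this repository's own tooling. The function names, `config.env` and the token passed to `make_demo_repo` are constructed for illustration; the demo repository shows that overwriting a secret in a later commit leaves it reachable in history.

```shell
#!/bin/sh
# Added example; helper names and file names are hypothetical.

# Exit 0 if the fixed string $2 was added or removed by any commit reachable
# from any ref in repo $1, meaning it can still be recovered from history.
secret_in_history() {
    # -S (pickaxe) lists commits that change the occurrence count of the string;
    # --all walks every ref, not only the checked-out branch.
    hits=$(git -C "$1" log --all --format=%H -S"$2")
    [ -n "$hits" ]
}

# Exit 0 if the fixed string $2 is present in the tracked files of repo $1.
secret_in_worktree() {
    git -C "$1" grep -q -F -e "$2" -- .
}

# Build a throwaway repo in which a constructed token ($1) is committed and
# then overwritten by a later commit, without any history rewrite.
# Prints the path of the new repo.
make_demo_repo() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    g() {
        git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false "$@"
    }
    printf 'token=%s\n' "$1" > "$repo/config.env"
    g add config.env
    g commit -q -m "add config"
    printf 'token=REDACTED\n' > "$repo/config.env"
    g commit -q -am "remove token"
    echo "$repo"
}
```

A zero exit status from `secret_in_history` on the rewritten clone means the value is still reachable and the rewrite is incomplete.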
This repository is designed to be used as a knowledge source for AI agents and MCP servers. When contributing content that will be used as agent instructions or tool schemas:
- Do not include prompt injection patterns
- Do not include instructions that could cause an AI agent to bypass governance rules
- Flag any content that could be misinterpreted by an LLM with a `# AGENT-NOTE:` comment
PMO Skills Repository · Security Policy v1.0 · Last Updated: 2026-05-30