We take security seriously. If you discover a security vulnerability, please follow these steps:

1. Do NOT open a public issue - Security vulnerabilities should be reported privately.

2. Email: Send details to nbzkri@gmail.com (or open a private security advisory on GitHub)

3. Include:

   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Resolution Timeline: Depends on severity
  • Critical: 24-72 hours
  • High: 1-2 weeks
  • Medium/Low: Next release cycle

This security policy covers:

• The skill router (tools/skill_router.py)
• Installation scripts (setup.ps1, scripts/install.ps1)
• CLI wrappers (activate-skills.ps1, .cmd, .sh)

• Vulnerabilities in the underlying skills library (report to sickn33/antigravity-awesome-skills)
• Issues in Python itself
• User misconfiguration

When using the Antigravity Optimizer:

• Always review installed skills before using them
• Don't run setup.ps1 with elevated privileges unless necessary
• Keep Python updated to the latest stable version