We release patches for security vulnerabilities. Currently supported versions:

The Advanced Prompts Factory team takes security seriously. If you discover a security vulnerability, please follow these steps:

DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities by:

1. GitHub Security Advisory: Use the Security Advisories feature (preferred method)
2. Email: Contact @valorisa on GitHub directly

Please include the following information in your report:

• Description: Clear description of the vulnerability
• Impact: What can an attacker accomplish by exploiting this vulnerability?
• Reproduction Steps: Detailed steps to reproduce the issue
• Affected Versions: Which versions are affected?
• Suggested Fix: If you have ideas on how to fix it (optional)
• Your Contact Information: So we can follow up with questions

• Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
• Initial Assessment: We will provide an initial assessment within 5 business days
• Progress Updates: We will keep you informed of our progress every 7 days
• Disclosure Timeline: We aim to patch critical vulnerabilities within 30 days
• Credit: We will credit you in the security advisory (unless you prefer to remain anonymous)

• Coordinated Disclosure: We follow a coordinated disclosure process
• Embargo Period: We request that you do not publicly disclose the vulnerability until we have released a patch
• Public Disclosure: Once patched, we will publish a security advisory crediting the reporter

When using meta-prompts from this repository:

1. Review Generated Code: Always review code generated by LLMs before committing
2. Secrets Management: Never commit API keys, tokens, or credentials to repositories
3. Dependency Scanning: Use Dependabot or similar tools to monitor dependencies in generated projects
4. CI/CD Security: Validate that generated GitHub Actions workflows follow security best practices
5. Input Validation: Be cautious when generating projects from untrusted descriptions

This project consists of documentation and meta-prompts, not executable code. However, be aware:

• LLM Output Variability: Different LLMs may produce different outputs from the same prompt
• No Execution Guarantees: We cannot guarantee the security of code generated by third-party LLMs
• User Responsibility: Users are responsible for reviewing and securing generated code

When a security issue is identified:

1. Patch Development: We develop and test a fix
2. Version Bump: We release a new version following semantic versioning
3. Changelog Update: We document the fix in CHANGELOG.md
4. Security Advisory: We publish a GitHub Security Advisory
5. Notification: We notify affected users via GitHub releases

For security-related questions or concerns:

• Security Issues: Use GitHub Security Advisories
• General Security Questions: Open a discussion
• Project Maintainer: @valorisa

Thank you for helping keep Advanced Prompts Factory and its users safe!