From aa936ba672756e3c1e3be8b9ab929d281215084c Mon Sep 17 00:00:00 2001 From: Dipanita45 <132455672+Dipanita45@users.noreply.github.com> Date: Mon, 16 Jun 2025 07:19:36 +0530 Subject: [PATCH 1/2] Create Security.md --- SECURITY.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..258e0b10 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,40 @@ +# Security Policy + +## Supported Versions + +We currently support the latest stable version of CryptoTracker. Users are encouraged to always update to the most recent version to benefit from security patches and improvements. + +## Reporting a Vulnerability + +If you discover a security vulnerability in PromptShell, please help us keep the project and its users safe by following these steps: + +1. **Do not open public issues** for security vulnerabilities. +2. **Privately report the vulnerability** by emailing the maintainer. +3. Include the following in your report: + - A detailed description of the vulnerability. + - Steps to reproduce the issue. + - Potential impact. + - Suggested fixes, if available. + +We aim to respond to vulnerability reports within **5 business days** and will work with you to resolve the issue promptly. + +## Security Best Practices + +- Do not run PromptShell as root unless absolutely necessary. +- Only use PromptShell in trusted environments. +- Be cautious when prompting with sensitive data or executing dynamic commands. +- Review and audit any third-party models or plugins used within PromptShell. + +## Responsible Disclosure + +We support and encourage responsible disclosure. If you responsibly disclose a vulnerability, we will: + +- Acknowledge your contribution. +- Provide credit in the changelog (if desired). + +## Additional Resources + +- [GitHub Security Best Practices](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) + +--- +Thank you for helping make PromptShell safer and more reliable! From ed418f4ad969bf506d6a5a5d218f9001c00ac72e Mon Sep 17 00:00:00 2001 From: Dipanita45 <132455672+Dipanita45@users.noreply.github.com> Date: Mon, 16 Jun 2025 07:30:44 +0530 Subject: [PATCH 2/2] update --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/SECURITY.md b/SECURITY.md index 258e0b10..4df36196 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ We currently support the latest stable version of CryptoTracker. Users are encou ## Reporting a Vulnerability -If you discover a security vulnerability in PromptShell, please help us keep the project and its users safe by following these steps: +If you discover a security vulnerability in CryptoTracker, please help us keep the project and its users safe by following these steps: 1. **Do not open public issues** for security vulnerabilities. 2. **Privately report the vulnerability** by emailing the maintainer.
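Review bot: In [PATCH 1/2], step 2 of "Reporting a Vulnerability" says to report "by emailing the maintainer" but the file gives no address or other private channel, so a reporter cannot follow the policy without opening a public issue, which step 1 forbids. Add a contact address, or point step 2 at GitHub's private vulnerability reporting, which the "Additional Resources" URL already targets; that link's label, "GitHub Security Best Practices", does not match the page it points to. The file also names two projects: "Supported Versions" says CryptoTracker, while the reporting paragraph, all four "Security Best Practices" bullets and the closing line say PromptShell. The bullets about prompting, dynamic commands and third-party models or plugins read as advice written for a different tool and should be replaced with guidance that applies to this project.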
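Review bot: In [PATCH 2/2], the rename is incomplete: only the sentence "If you discover a security vulnerability in PromptShell" is changed to CryptoTracker, while the four "Security Best Practices" bullets and the closing "Thank you for helping make PromptShell safer and more reliable!" line added in [PATCH 1/2] are outside this hunk and still name PromptShell. Extend the change to every remaining occurrence so the policy refers to one project throughout. The subject line "update" also says nothing about what was changed; something like "SECURITY.md: fix project name" would make the history searchable, and the two commits could be squashed since the second only corrects the first.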