If you discover a security vulnerability in this repository — such as a malicious payload in reference files, credential leaks, unsafe default configurations, or dependency vulnerabilities — please report it privately.

Do not open a public GitHub issue for security vulnerabilities.

Email contact@transilience.ai with:

• Description of the vulnerability
• Steps to reproduce
• Affected files or components
• Potential impact
• Suggested fix (if any)

• Acknowledgment within 48 hours
• Status update within 7 days
• Resolution target within 30 days for confirmed vulnerabilities

We will coordinate with you on disclosure timing and credit you in the fix (unless you prefer to remain anonymous).

This policy covers vulnerabilities in this repository, including:

• Skills, agents, and their reference materials
• Tool integration scripts (Playwright, Kali tools)
• Build scripts and CI/CD configurations
• Dependencies and supply chain issues
• Documentation that could lead to unsafe practices

• Vulnerabilities found in target applications while using these tools — follow the target's own disclosure policy
• General security testing questions — use GitHub Discussions

This repository provides tools for authorized security testing only. Users are responsible for:

• Obtaining proper authorization before testing any system
• Following responsible disclosure timelines (typically 90 days)
• Complying with all applicable laws and regulations

See README.md for full usage guidelines.