If you discover a security vulnerability in this repository, please report it responsibly. Do not open a public issue.
Email [TODO: INSERT CONTACT EMAIL] with:
- A description of the vulnerability
- Steps to reproduce it
- Any relevant files or links
We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 7 days.
This policy covers the contents of this repository: contribution templates, metadata schemas, CI workflows, and community documentation. It does not cover the upstream Open Brain infrastructure (Supabase instance, MCP server, etc.).
In scope:
- CI workflows that could be exploited (e.g., script injection where an attacker-controlled value such as a PR title or branch name is expanded directly into a `run:` step)
- Credentials, API keys, or secrets accidentally committed to the repo
- Contribution templates or examples that encourage insecure practices
Out of scope:
- Bugs in individual community contributions (report those as regular issues)
- Feature requests or general feedback (use Discussions or Issues)
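As an added illustration of the CI-workflow item above (this is example code, not a workflow from this repository), the snippet below shows the script-injection pattern next to its fix. The workflow name, step names and the conventional-prefix check are assumptions made for the example; the same fix applies to `github.head_ref` (branch name) and any other field of the event payload that a contributor controls.

```yaml
# Hypothetical workflow written for this example; not part of the repository.
name: pr-title-check
on:
  pull_request:
    types: [opened, edited, synchronize]
permissions:
  contents: read
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # VULNERABLE: the ${{ }} expression is substituted into the script text
      # before the shell parses it, so a PR title containing shell
      # metacharacters (for example a closing quote followed by ; and a
      # command) is executed with the job's token and access to its secrets.
      - name: Check PR title (unsafe pattern, do not copy)
        run: echo "Checking title: ${{ github.event.pull_request.title }}"

      # HARDENED: pass the value through an environment variable. The
      # expansion happens in the runner, and the shell reads "$PR_TITLE"
      # as data rather than as part of the script.
      - name: Check PR title (safe pattern)
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "Checking title on branch: $HEAD_REF"
          case "$PR_TITLE" in
            feat:*|fix:*|docs:*|chore:*) echo "title ok" ;;
            *) echo "title must start with feat:, fix:, docs: or chore:" >&2; exit 1 ;;
          esac
```

The same rule holds for `github.event.pull_request.body`, commit messages, issue titles and author names: any event field a contributor can set goes through `env:` (or a typed action input), never into the text of a `run:` script. The impact is larger when the workflow runs on `pull_request_target` or has write permissions, since the injected command then inherits those privileges.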
We are happy to credit reporters in release notes or CONTRIBUTORS.md unless you prefer to remain anonymous.