Found vuln in skill? Report responsibly:

1. Do NOT open a public issue for security vulnerabilities
2. Email security concerns to the repository owner
3. Include:
   • Vuln description
   • Repro steps
   • Impact
   • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Resolution: Depends on severity

• All reports taken seriously
• Prompt investigation + response
• Reporter credit in changelog (unless anonymous preferred)

Using skill:

1. Never commit secrets - Env vars for API keys
2. Review generated code - Review before run
3. Keep dependencies updated - Update Appwrite SDK often
4. Use proper permissions - Least privilege in Appwrite

Policy covers skill docs + included code examples. Not covered:

• Third-party deps
• Appwrite platform itself
• Your implementation of patterns