# SECURITY

## Reporting a Vulnerability

**Do NOT** open a public GitHub issue for security vulnerabilities.

Email security details to: **security@kiskolabs.com**

Include: description, steps to reproduce, potential impact, and suggested fix (if available).

### Response Timeline

- We will acknowledge receipt of your report
- We will provide an initial assessment
- We will keep you informed of our progress and resolution timeline

### Disclosure Policy

- We will work with you to understand and resolve the issue
- We will credit you for the discovery (unless you prefer to remain anonymous)
- We will publish a security advisory after the vulnerability is patched
- We will coordinate public disclosure with you

## Automation Security

- **Context Isolation:** It is strictly forbidden to include production credentials, API keys, or Personally Identifiable Information (PII) in prompts sent to third-party LLMs or automation services.
- **Supply Chain:** All automated dependencies must be verified.

