If you are reporting a vulnerability in this repo’s scripts or workflow, use the steps below. If you are trying to report a problem with Anthropic’s products, contact their official channels instead—this project is independent.

This repository contains educational material and tooling for package-release hardening.
It does not host proprietary leaked code.

If you find a security issue in repository scripts, workflows, or docs:

1. Open a private security advisory if possible.
2. If private reporting is unavailable, open an issue with minimal exploit detail.
3. Include reproduction steps, affected files, and expected safe behavior.

• Initial triage: within 72 hours
• Confirmed issue assessment: within 7 days
• Patch or mitigation guidance: as soon as practical

• Do not publish proof-of-concept details that increase abuse risk before maintainers can respond.
• Do not submit or reference proprietary leaked source content in issues or pull requests.