If you believe you found a security issue in OneSkills, do not publish full details in a public issue first.

Please contact the maintainers through a private channel if one is available to you. Include:

• affected files or feature area
• impact summary
• reproduction steps
• any suggested mitigation

If you do not have a private contact path yet, open a minimal public issue requesting security contact instructions without disclosing the full vulnerability details.

Security fixes are expected to target the latest maintained version first.