
Security: patterninc/code-mint

SECURITY.md

Security

Code-mint is a documentation and skills library (Markdown and templates), not a runnable service. Security issues can still matter, for example instructions that could lead to unsafe commands, credential handling, or misleading operational guidance.

Reporting a vulnerability

When private reporting is available: Use this repository's GitHub private vulnerability reporting flow from the Security tab, if your GitHub UI offers it. That keeps details private while maintainers review and prepare a fix or documentation update.

When it is not available: Some repositories never show that flow. Common reasons include the feature not being enabled for the repo, reporting from a fork, or organization or enterprise policy disabling code security features. In those cases no per-repository toggle fixes it.

Fallback (always allowed): Open a minimal public issue asking maintainers for a private channel, and do not include exploit details in the public issue.

What to include

  • A short description of the concern and affected paths or skills
  • Steps to reproduce or reason about impact, if applicable
  • Whether you believe the issue affects this repository only or repositories that copy code-mint assets (skills, docs)

Response expectations

Maintainers will acknowledge receipt when possible. Severity and fix timelines depend on impact and maintainer capacity. This project is maintained as open-source reference material; there is no SLA.

Scope

This policy applies to the canonical patterninc/code-mint repository. Forks and downstream copies are the responsibility of their owners.
