deskill is a security-oriented guardrail for agent skills, but V1 should still be treated as defense in depth, not as a sandbox.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
Please do not open a public issue for vulnerabilities, bypasses, or exploit recipes.
If this repository is hosted on GitHub, use GitHub private vulnerability reporting when enabled. Otherwise, contact the maintainers privately through the repository owner's preferred security contact.
Include:
- Affected version or commit.
- Reproduction steps.
- Impact and likely affected command or MCP tool.
- Any relevant
SKILL.mdfixture or redacted sample.
Relevant reports include:
- Skill scanner bypasses for credential exfiltration, destructive shell, prompt override, or hidden payloads.
- MCP server behavior that exposes unintended filesystem or process access.
- Saved guard decisions, deskill tasks, or no-deskill blockers that can be bypassed or corrupted.
Out of scope:
- Reports requiring malicious local administrator access.
- General model jailbreaks with no deskill-specific bypass.
- Denial-of-service reports that only exhaust local CPU or disk through expected local CLI usage.