
Security: founder-OmniPA/UnboxAPI-SafetyKit


SECURITY.md

Security Policy

Supported versions

Version | Supported
------- | ---------
v0.1.x  | Yes
< 0.1   | No

Reporting a vulnerability

If you believe you have found a security issue in the SafetyKit interface itself, in the example hook, in CI tooling, or in any release artifact:

  • Do not open a public GitHub issue.
  • Email security@unboxapi.pro with a clear description and any proof-of-concept.
  • A PGP key for encrypted reports will be published as docs/pgp.asc in v0.1.1. Until then, plain-text email to security@unboxapi.pro is acceptable for coordinated disclosure.
  • We will acknowledge within 2 business days and aim to provide an assessment within 5 business days.
  • Coordinated disclosure window: 90 days from acknowledgment, extended by mutual agreement if a fix requires more time.

CTO is the first responder. CEO is informed of any High/Critical report within 24 hours of triage.

Threat model summary

The full threat-model memo is at docs/threat-model.md and on the source issue (DHA-28). It covers three risks:

  • R1 — Skeleton mistaken for a production safety control. A consumer wires the example hook into a real pipeline and assumes they have a safety layer.
  • R2 — Prompt-injection / rule-bypass through any implementation of this interface. Hook arguments and responses are untrusted data.
  • R3 — Supply-chain integrity of this repository's published artifacts.

R1 is the dominant risk and is mitigated by README banners, file-level warnings on the example hook, and the explicit "NOT A SAFETY CONTROL" labelling in NOTICE.

Hardening guarantees on this repository

  • Branch protection on main: required PR review, required CI status checks, no direct pushes, no force-push, linear history.
  • Required signed commits (Sigstore gitsign or GPG). Release tags signed.
  • Sigstore artifact attestation on every release.
  • CycloneDX SBOM published as a release asset (enumerates source files; no runtime dependencies to enumerate at v0.1.0).
  • CODEOWNERS requires CTO review on every PR.
  • Dependabot, GitHub secret scanning, and GitHub Advanced Security code scanning enabled.
  • gitleaks runs on every PR and on the full commit range at release.

There aren't any published security advisories