# Security Policy
## Reporting a Vulnerability
We take the security of this project seriously. If you discover a security vulnerability within this repository, please **do not open a public issue**. Instead, please report it through one of the following channels:
* **Email:** security@huggingface.co
* **Hugging Face Hub:** Use the "Report" feature on the repository’s Hub page if applicable.

Please include a detailed description of the vulnerability and, if possible, a Proof of Concept (PoC) to help us reproduce the issue.
## Scope
The following types of vulnerabilities are of particular interest:
* **Remote Code Execution (RCE):** Vulnerabilities that allow an agent to execute unauthorized code outside of its intended environment.
* **Credential Leakage:** Skills that inadvertently expose API keys, tokens, or sensitive environment variables.
* **Injection Attacks:** Vulnerabilities in skills that handle user input for database queries or shell commands.
## Our Response Process
1. **Acknowledgment:** We will acknowledge your report within 48 business hours.
2. **Investigation:** Our team will investigate the issue and determine its impact.
3. **Fix and Disclosure:** Once a fix is ready, we will coordinate a release and, with your permission, credit you for the discovery.

Thank you for helping keep the Hugging Face ecosystem safe!
