# Security Policy

This repository is a curated documentation and resource list. It does not ship a production service, package, or runtime. Security concerns can still appear in examples, scripts, links, or contribution material.

## Please Report

- A linked resource that appears malicious or impersonates another project.
- A script or example that could cause unsafe actions if copied directly.
- Accidentally committed credentials, tokens, private URLs, or sensitive data.
- Guidance that could encourage unsafe production autonomy without approvals or escalation.

## How To Report

Open a private security advisory if GitHub offers that option for this repository. If not, open an issue with sensitive details removed and ask for a maintainer response.

Do not post secrets, private customer data, exploit details, or internal URLs in public issues or pull requests.

## Security Review Standard

Loop Engineering examples should be conservative:

- sensitive actions require human approval;
- production actions should be read-only by default unless explicitly scoped;
- credentials and secrets must never be included in examples;
- loops should have retry budgets, exit conditions, and escalation paths;
- verification should rely on concrete evidence, not only model self-assessment.