Security Policy
The complete Skills IL policy for skill security and user protection
by Skills IL Security TeamPublished on September 1, 20254 min read
securitypolicycompliancefrontmatter
Security Policy
Security Commitment
Skills IL is committed to securing every skill on the platform. Every skill undergoes a comprehensive security audit before publication.
Review Process
Step 1: Automated Static Analysis
All code is automatically scanned for:
- Known security vulnerabilities (CVE)
- Dangerous code patterns
- Exposed secrets and tokens
- Excessive permissions
Step 2: Dependency Audit
All dependencies are checked against:
- Vulnerability databases (NVD, GitHub Advisory)
- Incompatible licenses
- Deprecated packages
Step 3: Human Review
Our security team manually reviews:
- Skill logic
- Access permissions
- Sensitive data handling
- Compliance with Israeli regulations
YAML Frontmatter Security
The frontmatter appears in Claude's system prompt. Therefore:
- Forbidden: XML angle brackets (
<or>) - could inject instructions - Forbidden: Skills named with "claude" or "anthropic" prefix - reserved names
- YAML is parsed safely without code execution
Vulnerability Reporting
If you found a security vulnerability, please report through:
We commit to addressing every report within 48 hours.
Updates
This policy is regularly updated. Last update: February 2026.