docs(polymarket-browse): create SECURITY.md tracking audit findings #38

Closed
shoko wants to merge 0 commits from docs/3-security-audit-tracking into master
Owner

Summary

Create SECURITY.md documenting the 2026-03-25 security audit findings.

Changes

  • Create SECURITY.md with security policy
  • Document all 7 security issues from the audit
  • Track their fix status (all resolved)
  • Add reporting instructions

Issues Addressed

  • CRITICAL: Telegram bot token exposure
  • HIGH: HTML injection in Telegram
  • MEDIUM: Insufficient URL encoding
  • MEDIUM: --detail bounds not validated
  • MEDIUM: No response size limits
  • LOW: Bare except: clauses
  • LOW: No API rate limiting

Testing

70/70 tests passing
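The description only names the finding classes; as an added illustration (not code from the polymarket-browse project, which is not shown here), the block below sketches the standard mitigation for four of them: escaping untrusted text before it is sent with Telegram's HTML parse mode, percent-encoding path and query parameters, bounds-checking a `--detail` value, and capping the size of a response body before it is buffered. Function names, the `DETAIL_MIN`/`DETAIL_MAX` range, the byte limit and the sample inputs are all assumptions made for the example.

```python
"""Added example: mitigations for the finding classes named in the PR.
Not the project's own code; names, limits and inputs are constructed."""
import io
from urllib.parse import quote, urlencode

MAX_RESPONSE_BYTES = 1_000_000   # assumed cap; the PR states no figure
DETAIL_MIN, DETAIL_MAX = 0, 10   # assumed valid range for --detail


def escape_for_telegram_html(text: str) -> str:
    """Escape untrusted text for a parse_mode=HTML message.

    Telegram's HTML mode requires every '&', '<' and '>' that is not part
    of a tag to be replaced by &amp;, &lt; and &gt;.  '&' goes first so the
    replacements themselves are not re-escaped.
    """
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def build_market_message(title: str, outcome: str) -> str:
    """Wrap API-supplied strings in markup only after escaping them."""
    return (f"<b>{escape_for_telegram_html(title)}</b>\n"
            f"Outcome: {escape_for_telegram_html(outcome)}")


def build_search_url(base: str, slug: str, **params) -> str:
    """Encode a path segment and a query string separately.

    safe="" makes quote() also encode '/', so a slug cannot add path
    segments; urlencode() percent-encodes each query value.
    """
    path = quote(slug, safe="")
    query = urlencode(params)
    return f"{base}/{path}?{query}" if query else f"{base}/{path}"


def validate_detail(value) -> int:
    """Reject a --detail value that is not an integer in the assumed range."""
    try:
        level = int(value)
    except (TypeError, ValueError):
        raise ValueError(f"--detail must be an integer, got {value!r}") from None
    if not DETAIL_MIN <= level <= DETAIL_MAX:
        raise ValueError(f"--detail must be between {DETAIL_MIN} and {DETAIL_MAX}")
    return level


def read_bounded(stream, limit: int = MAX_RESPONSE_BYTES) -> bytes:
    """Read at most `limit` bytes from a file-like body.

    Asking for limit + 1 bytes detects an oversize body without ever
    buffering the whole thing.
    """
    data = stream.read(limit + 1)
    if len(data) > limit:
        raise ValueError(f"response body exceeds {limit} bytes")
    return data


def demo_bounded_read() -> dict:
    """Exercise read_bounded on constructed in-memory bodies."""
    within = read_bounded(io.BytesIO(b"x" * 5), limit=5)
    try:
        read_bounded(io.BytesIO(b"x" * 6), limit=5)
        rejected = False
    except ValueError:
        rejected = True
    return {"within_limit": len(within), "oversize_rejected": rejected}


if __name__ == "__main__":
    print(build_market_message("Will <i>it</i> rain & snow?", "Yes"))
    print(build_search_url("https://example.invalid/markets", "a/b c", limit=5, q="x&y"))
    print(validate_detail("3"), demo_bounded_read())
```

The `read(limit + 1)` pattern is the part worth copying: checking `len(body)` after a full read still pays the memory cost of an oversized response, whereas reading one byte past the cap fails before that happens.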

shoko added 1 commit 2026-03-26 20:17:34 +01:00
- Document fixed security issues from 2026-03-25 audit
- Track all 7 security issues and their fixes
- Add reporting instructions
shoko reviewed 2026-03-27 01:51:05 +01:00
shoko left a comment
Author
Owner

Review requested
shoko added the need review label 2026-03-27 01:52:48 +01:00
Collaborator

no need to add this in the skill because it will confuse the user/agent who use it. also adding overhead to track the task management in multiple places
han removed the need review label 2026-03-27 02:28:03 +01:00
han closed this pull request 2026-03-27 02:28:06 +01:00

Pull request closed