If you discover a security vulnerability, please report it privately by email to: security@meta.com

Do not report security issues in public GitHub issues, pull requests, or discussions.

This policy covers security issues related to this repository, including:

• Dangerous or unsafe commands in skill content
• Guidance that could cause insecure app behavior if followed as written
• Vulnerabilities in hzdb MCP server integration workflows documented in this repo

Meta will acknowledge receipt of your report and follow up with next steps.