This policy applies to every repository in the OTSkit organization (@otskit/core, @otskit/client, @otskit/mcp, OTSkit Skills).

Please report security vulnerabilities to dissentis.ai@gmail.com.

Do not open a public GitHub issue for security vulnerabilities.

Only the latest published version of each package is supported with security fixes. All packages are pre-1.0; fixes ship as the next patch or minor release.