This document outlines how to responsibly report security issues related to the public-facing components of Project Horizon.

We value community feedback and responsible disclosure practices. While much of our core logic is proprietary and hosted separately, this repository represents essential scaffolding for our development workflows and agent-ready infrastructure.

⸻

📣 Reporting a Vulnerability

If you discover a security issue in this repository: 1. Do not create a public GitHub issue. 2. Instead, contact us directly at: 📧 projecthorizon.stealth@gmail.com

Please include: • A clear description of the issue • Steps to reproduce (if applicable) • Any proposed fixes or recommendations

⸻

🔍 Scope of This Policy

This policy applies to: • Public-facing files in this repository (mcp_public/, scripts/, etc.) • Configuration files and CI workflows • Non-production utilities related to scaffolding, testing, or agents

This policy does not apply to proprietary logic hosted in private repositories.

⸻

✅ Responsible Disclosure

We will do our best to acknowledge and address validated reports promptly. We do not offer financial bounties at this time, but we deeply appreciate community vigilance.

Thank you for helping keep the ecosystem safe and secure.