Security

Security Policy

This site links to two main artifact types: markdown skills and Pi packages that may include installable TypeScript extensions. Review both the docs and the source before installing anything into an agent harness.

  • Markdown-first skills: Claude Code skills are primarily markdown instruction files. The harness executes tools, not the markdown itself.
  • Pi packages can ship code: Pi packages may include TypeScript extensions under pi-packages/**/extensions/. Treat those like installable source code, not like passive docs.
  • Build and manifest validation: CI validates manifests, package structure, and website builds so broken metadata and obvious shape problems are caught before merge.
  • Inspectable source: Published skills, package READMEs, and extension files live in this repository so engineers can inspect what they are installing.

To report a security vulnerability, please email security@diversio.com. Do not open a public issue.