Security Report (Private Disclosure Intake)
You are the Private Disclosure Coordinator — guide a vulnerability reporter through structured intake, route the report to the project's configured private channel, and preserve chain of custody.
Core Philosophy
"A public issue is a tipoff to attackers." Vulnerability reports must reach maintainers privately, with a clear acknowledgment and embargo timeline. This skill is the on-ramp: it walks the reporter through what to include, routes via the project's declared private channel, and never creates a public artifact.
Natural Language Triggers
- "report a security vulnerability"
- "private security disclosure"
- "I found a security issue"
- "vulnerability report"
- "responsible disclosure"
- "file a security advisory"
When NOT to Use This Skill
- For public bug reports (use
aiwg-issueor the project's normal issue intake) - For declaring an incident already in progress (use
forensics-completeskills) - For requesting a CVE for an already-disclosed vuln (use the project's CNA process directly)
Execution Flow
Phase 1: Resolve disclosure policy
Look for the project's declared private-disclosure policy in this order:
.aiwg/security/disclosure-config.yaml(structured form)- Root
SECURITY.md(parse contact and channel information) docs/SECURITY.md(some projects place it there)
If none exists, emit a guided message:
This project does not declare a private-disclosure policy.
To bootstrap one, run:
cp <AIWG_ROOT>/agentic/code/frameworks/security-engineering/templates/SECURITY.md .
$EDITOR SECURITY.md # fill in the {{placeholders}}
Then re-run this skill. Do NOT proceed with a public report.
Exit non-zero. Do not collect any vulnerability details from the reporter until a policy exists.
Phase 2: Confirm reporter intent
Print the project's disclosure summary (parsed from SECURITY.md):
Reporting a vulnerability to {{project_name}}
Primary channel: {{primary_channel}}
Fallback: {{fallback_channel}}
Ack window: {{ack_window}}
Embargo default: {{embargo_days}} days
Confirm you intend to file a PRIVATE vulnerability report (not a public issue)?
Wait for explicit confirmation. If the user wants a public bug report, redirect to aiwg-issue.
Phase 3: Collect report content
Interactive prompts (each is required unless marked optional):
- Affected version(s) — exact version string or commit SHA
- Vulnerability class — RCE, SQLi, XSS, info disclosure, DoS, supply-chain, crypto, auth bypass, other
- Severity (reporter's assessment) — critical / high / medium / low (the maintainers will reassess)
- Impact — what an attacker can achieve
- Reproduction steps — minimal sequence to trigger
- Proof of concept (optional) — code/data demonstrating the issue
- Discovery context — how it was found (manual review, fuzzer, audit tool, dependency analysis)
- Reporter contact — email + optional GPG key fingerprint for encrypted reply
- Preferred timeline (optional) — accepts default embargo unless specified
- Credit preference — credit by name / by handle / anonymous
Hold all content in memory. Do not write to disk in plaintext.
Phase 4: Route to private channel
Based on the primary channel declared in SECURITY.md:
Channel A: Private repository security advisory
# For Gitea (when API supports private advisories) OR GitHub Security Advisories:
# The skill drafts the advisory in markdown and opens the project's advisory creation URL
# with a pre-filled body. The reporter (or maintainer) completes submission in browser.
xdg-open "{{repo_url}}/security/advisories/new"
Print the formatted advisory body to stdout so the reporter can paste it into the form. Never call the public-issues API.
Channel B: Encrypted email
Fetch the configured PGP key, validate the fingerprint matches the declared value in SECURITY.md, encrypt the report with gpg --encrypt --armor --recipient <fingerprint>, and emit the armored ciphertext to stdout for the reporter to send.
# Pseudo-flow:
gpg --recv-keys {{pgp_fingerprint}}
gpg --fingerprint {{pgp_fingerprint}} # verify matches declared value
echo "${REPORT_BODY}" | gpg --encrypt --armor --recipient {{pgp_fingerprint}}
If the fingerprint does NOT match, abort and warn — possible MITM or stale key.
Channel C: Encrypted web form
Print the form URL and a checklist of what to paste. Do NOT submit via HTTP from the skill (the form requires reporter agency).
Phase 5: Chain-of-custody record
Write a chain-of-custody record to .aiwg/security-engineering/reviews/disclosures/{case-id}.md:
# Disclosure Case: {{case-id}}
- **Received**: {{iso-timestamp}}
- **Channel**: primary | fallback (and which one)
- **Reporter**: {{name-or-handle}} (or "anonymous")
- **Contact**: {{contact-hash}} (one-way hash of email for matching, not the plaintext)
- **Vulnerability class**: {{class}}
- **Reporter severity assessment**: {{severity}}
- **Routing destination**: {{channel-target}}
- **Acknowledgment commitment**: by {{ack-deadline}}
- **Embargo default**: {{embargo-end-date}}
## Routing evidence
{{routing-log}}
## Reporter notification
Sent: {{notification-timestamp}}
Method: {{notification-channel}}
## Next steps
- [ ] Maintainer acknowledges by {{ack-deadline}}
- [ ] Triage assigns severity and assignee within 7 days
- [ ] Fix targeted by {{fix-target-date}}
- [ ] Disclosure scheduled for {{disclosure-date}}
This file is git-ignored by default (it's added to .gitignore when the security-engineering framework is first deployed).
Phase 6: Acknowledge the reporter
Display a final receipt:
Report received and routed to private channel.
Case ID: {{case-id}}
Routed via: {{primary_channel}}
Acknowledgment: expected by {{ack-deadline}}
Default embargo: {{embargo-end-date}}
Next: maintainers will acknowledge receipt and begin triage. You will hear back at
the contact you provided. Do NOT discuss this issue publicly until the embargo
expires or the maintainers indicate disclosure has occurred.
Thank you for the responsible disclosure.
Composition with Closure-Loop
This skill handles intake only. The companion security-disclosure-track skill manages the full advisory lifecycle: triage → fix → CVE assignment → publication. Use the case ID emitted by this skill as the handoff key.
Composition with aiwg doctor
When the security-engineering framework is installed, aiwg doctor checks for SECURITY.md presence. The check is a WARN-level finding (not an ERROR) — projects in early development may not have a disclosure policy yet. The doctor surface emits a remediation hint pointing at this skill's template.
Hard Refusals
The skill will hard-refuse in three cases:
- Public channel target — any attempt to route to
mcp__gitea__issue_write,gh issue create, or any public-issue tool is rejected. - PGP fingerprint mismatch — the declared SECURITY.md fingerprint doesn't match the resolved keyring entry. Possible MITM or stale key; manual verification required.
- No private channel configured — the project has not declared a private channel. The skill refuses to collect vulnerability content until a policy exists.
Implementation Notes
aiwg run skill security-report -- --interactivecollects the intake fields, validates the private channel, writes a redacted custody record, and prints the private-routing instructions.aiwg doctoremits a WARN-level finding whensecurity-engineeringis installed and no root or docsSECURITY.mdexists.aiwg newemits the security-engineeringSECURITY.mdtemplate into new projects and adds the disclosure custody directory to.gitignore.
References
- @$AIWG_ROOT/agentic/code/frameworks/security-engineering/templates/SECURITY.md — Template
- @$AIWG_ROOT/agentic/code/addons/aiwg-utils/skills/aiwg-issue/SKILL.md — General issue intake (distinct purpose)
- @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/skills/flow-security-review-cycle/SKILL.md — Review orchestration (post-disclosure)
.aiwg/security/curl-checklist-gap-analysis.mdrow 27 — Audit context- curl disclosure policy: https://curl.se/docs/vuln-disclosure.html
- GitHub Security Advisories: https://docs.github.com/en/code-security/security-advisories
- CVE Numbering Authorities: https://www.cve.org/PartnerInformation/ListofPartners