This repository provides templates for building MVPs with AI coding agents. While it contains no executable code, responsible usage of these templates requires security awareness.

• Never commit .env files with API keys
• Use environment variables for all credentials
• Rotate keys if accidentally exposed

• Review data retention policies: Claude, Gemini, OpenAI
• Use business/enterprise accounts for proprietary code
• Disable data sharing in consumer Claude accounts

• Always review AI-generated code before deployment
• Run security scanners (npm audit, Snyk, etc.)
• Test in isolated environments first
• Follow OWASP guidelines for web applications

• Treat MCP connections like production database credentials
• Restrict agent access to non-production systems during development

If you discover a security issue in the prompt templates or workflow:

1. Do NOT open a public issue
2. Email: [your-email] or use GitHub's private vulnerability reporting
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

This security policy covers:

• ✅ Vulnerabilities in prompt templates that could lead to insecure practices
• ✅ Issues with recommended workflows that expose user data
• ❌ Security issues in code generated by users with these templates
• ❌ Third-party AI platform vulnerabilities