If you discover a security vulnerability in Claude Anchor, please report it responsibly.

• Open a GitHub Security Advisory (preferred)
• Or contact the maintainers via the Super Basic Studio GitHub profile

Please do not open a public GitHub issue for security vulnerabilities.

• Description of the vulnerability
• Steps to reproduce
• Affected templates
• Potential impact

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix: Depends on severity

Claude Anchor is a collection of markdown templates with no executable code. Security concerns are limited to:

• Template content that could mislead Claude into unsafe behavior
• Placeholder patterns that could cause injection issues when filled in
• Documentation that incorrectly advises storing secrets

Out of scope:

• Vulnerabilities in Claude Code itself
• Issues in user-customized template content
• Social engineering attacks

• No executable code — Pure markdown templates
• No dependencies — Nothing to audit or update
• No network requests — Works entirely offline
• No secrets handling — Templates explicitly warn against storing credentials