hesreallyhim · hesreallyhim · Jan 19, 2026 · Jan 19, 2026 · Jan 19, 2026
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
@@ -0,0 +1,34 @@
+# Security Policy
+
+This repository does not export any executible software, and
+it is, at the end of the day, just a Markdown file with a
+lot of internal plumbing. No private information is collected
+or stored, except such as can be found on public GitHub
+repositories, or what is submitted by individual users
+when recommending a resource for inclusion on the list.
+
+For these reasons, the surface area of vulnerability for a
+security incident is rather limited, and is almost entirely
+limited to the credentials of the maintainer.
+
+That being said, if you do notice any security flaws, risks,
+or vulnerailities (even if they only potentially affect
+the maintainer), you are welcome and encouraged to open a
+private security advisory, which you can do so [here](https://github.com/hesreallyhim/awesome-claude-code/security/advisories/new).
+
+## Security of Third-Party Resources
+
+Any security vulnerabilities or incidents relating to any of the
+third-party resources that are featured on Awesome Claude Code
+should first and foremost be reported according to the security
+policy of the respective third-party repository.
+
+However, in order to assist in ensuring the safety and security
+of the resources included here, you are strongly encouraged
+to _also_ report any such vulnerabilities to the maintainer
+of this repo. While it is outside of our capacity, or of our
+obligation, to enforce or investigate third-party security
+violations, we will take such reports seriously.
+
+We take the same approach to any (undisclosed) risks
+to users' privacy.