Apache License 2.0. Copyright 2026 PulsarOS Intelligence Inc.

BACKBONE is a prompt protocol distributed as Markdown plus a small bash installer. The security surface is small but real. This document describes how to report vulnerabilities and what we commit to in response.

We classify the following as in-scope security issues:

1. A way for an attacker to substitute a malicious SKILL.md or distribution adapter at the point of distribution and have it loaded by an unsuspecting user's agent.
2. A flaw in a banned-phrase regex that lets a dodge phrase escape detection in a way that meaningfully degrades the protocol.
3. A defect in a worked example or replacement structure that leaks user secrets, paths, or credentials.
4. A vulnerability in any sample shell snippet from the README or examples that allows command injection, path traversal, or unintended file overwrite outside the intended target directory.

We classify the following as out-of-scope for SECURITY.md and welcome them as normal issues:

• Disagreements about whether a phrase should be banned.
• Suggestions to expand or contract the decision matrix.
• Requests for additional distribution adapters.
• Translations.

Please report security issues privately, not in a public issue.

We do not run a paid bug bounty for BACKBONE at this time. We do offer public credit in the changelog and a thank-you note in the repository's SECURITY-CREDITS.md (added when the first valid report lands).

We commit to the following timeline for any in-scope, valid report:

If we decide a report is out of scope or already known, we will explain why and link to relevant prior discussion. If we ask for additional information, we will be specific about what we need.

We prefer coordinated disclosure: you give us a chance to fix and release before going public. Standard timeline is 90 days from initial report to public disclosure, extendable by mutual agreement for complex issues. If we miss our own deadline without justification, you are released from the embargo.

We will not pursue legal action against good-faith security researchers who follow this process.

Each release is anchored to an annotated git tag. To verify integrity, clone over HTTPS and check that the tag points at the commit you expect:

git clone https://github.com/PulsarOSDevTeam/backbone.git
cd backbone
git verify-tag v1.1.0   # only succeeds if the tag is signed; v1.1.0 is annotated, not signed
git log -1 v1.1.0       # inspect the commit; pin to the SHA in your own systems

For now, integrity rests on GitHub's HTTPS plus the immutability of git history under branch protection (force-push and deletion are blocked on main). A future release will add cosign-signed releases for stronger guarantees, tracked in FOLLOWUPS.md.

What BACKBONE protects against:

• Honest users who trust the protocol because it is published with verified hashes from a known author.
• Casual tampering at distribution time (mitigated by HTTPS + sha256 manifest).

What BACKBONE does NOT protect against:

• A determined attacker who compromises the canonical hosting infrastructure AND the integrity manifest simultaneously.
• A user who downloads BACKBONE from an unofficial mirror without verifying hashes.
• Forks that add malicious content and redistribute under the BACKBONE name; the trademark is not enforced.
• Compromise of the user's local Claude Code, Cursor, Aider, or other agent installation; that is outside our threat model.

Yassine Belkhouja, PulsarOS Intelligence Inc., Ottawa, Canada.

Engage the bug. Or name the dodge. Never both at once.