Enhance security policy with reporting and disclosure details

Expanded the security policy to include details on reporting vulnerabilities, CVE coordination, scope of issues, and disclosure policy.

SECURITY.md

@@ -0,0 +1,47 @@
+# Security Policy
+
+ ## Supported Versions
+
+ | Version | Supported |
+ |---------|-----------|
+ | Latest  | Yes       |
+
+ ## Reporting a Vulnerability
+
+ If you discover a security vulnerability in prompts.chat, please report it responsibly.
+
+ **Do NOT open a public GitHub issue for security vulnerabilities.**
+
+ Instead, please report vulnerabilities by emailing **security@prompts.chat**.
+
+ Include the following in your report:
+
+ - Description of the vulnerability
+ - Steps to reproduce
+ - Potential impact
+ - Suggested fix (if any)
+
+ ## CVE Coordination
+
+ We coordinate the CVE identification and disclosure process with the GitHub Security team. Confirmed
+  vulnerabilities will be tracked through GitHub Security Advisories, and CVE IDs will be requested
+ and assigned as appropriate.
+
+ ## Scope
+ The following are **out of scope**:
+
+ - Denial of service attacks
+ - Social engineering
+ - Issues in third-party dependencies (report these upstream)
+ - Attacks requiring physical access
+
+ ## Disclosure Policy
+
+ We ask that you give us reasonable time to address the issue before any public disclosure. We are
+ committed to working with security researchers and will credit reporters (unless anonymity is
+ preferred) once the issue is resolved.
+
+ ## Thank You
+
+ We appreciate the security research community's efforts in helping keep prompts.chat and its users
+ safe.