Do NOT open a public GitHub issue for security vulnerabilities.
Email security details to: [email protected]
Include: description, steps to reproduce, potential impact, and suggested fix (if available).
- We will acknowledge receipt of your report
- We will provide an initial assessment
- We will keep you informed of our progress and resolution timeline
- We will work with you to understand and resolve the issue
- We will credit you for the discovery (unless you prefer to remain anonymous)
- We will publish a security advisory after the vulnerability is patched
- We will coordinate public disclosure with you
- Context Isolation: It is strictly forbidden to include production credentials, API keys, or Personally Identifiable Information (PII) in prompts sent to third-party LLMs or automation services.
- Supply Chain: All automated dependencies must be verified.