Report vulnerabilities via GitHub Security Advisory.
Do not open public issues for security-sensitive matters.
| Version | Supported |
|---|---|
latest minor (0.1.x) |
✅ |
| older | ❌ |
- Secret handling in the CLI and Action
- OAuth token handling and storage
- Input validation in config and sender modules
- Dependency vulnerabilities
Out of scope: misconfiguration of your own GCP, Mailgun, or GitHub account; ad-blockers; downstream consumer code.