This is an exam-prep project, not a production service. However, if you discover a security issue (e.g., credential leak, unsafe code execution, or data exposure in exam_memory/), please report it responsibly.

Do NOT open a public issue for security vulnerabilities.

Instead, email the maintainer directly or use GitHub's private vulnerability reporting.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment within 72 hours
• Fix or mitigation within 7 days for confirmed issues

Areas of concern:

• exam_memory/ — stores personal study data; must not leak to public repos
• MCP server — runs locally with filesystem access
• Skills — executed as LLM prompts; must not inject unsafe instructions
• API keys or credentials in config files

• Algorithm solution correctness (not a security issue)
• Third-party model provider availability
• Rate limiting on external APIs