Please report security vulnerabilities privately instead of opening a public issue.
Primary contact:
- Vish: https://vish.au
Please include:
- affected version
- reproduction steps
- impact
- logs or proof of concept if safe to share
This policy covers:
- prompt-injection bypasses
- secret leakage
- unsafe tool execution
- retrieval injection
- audit integrity issues