Do not open a public issue for suspected security problems.
Instead, use GitHub private vulnerability reporting if it is enabled for the repository. If it is not, contact the repository owner directly and include:
- A clear description of the issue
- Reproduction steps
- Impact assessment
- Any suggested mitigation
This project handles local file access and third-party LLM API requests. Reports involving path handling, unintended file writes, the impact of prompt injection, credential exposure, and dependency risk are in scope.
Please allow time to investigate and ship a fix before public disclosure.