Security

Report a vulnerability

SECURITY.md

Security Policy

Supported scope

Security reports are welcome for:

auth-state handling
secret exposure in logs/artifacts
approval bypasses
API auth issues
isolation boundary failures
takeover URL exposure
unsafe file handling

Out of scope

The following are not considered valid security goals for this project:

anti-bot bypass
CAPTCHA solving
stealth / undetectable automation
deceptive fingerprinting

Reporting

Please report security issues privately to the maintainer before opening a public issue.

Include:

impact
affected version/commit
repro steps
logs, screenshots, or PoC if available

Handling goals

The project aims to:

acknowledge reports quickly
confirm severity and scope
ship the smallest safe fix
document user-facing mitigation steps when needed

There aren’t any published security advisories