Security

SECURITY.md

Security Policy

Reporting a vulnerability

Please do not open public issues for security-sensitive problems.

Report vulnerabilities privately to:

GitHub account: @Zhao73

Include:

affected area
reproduction details
impact
any suggested mitigation

Scope

Priority areas:

local file import and parsing
browser-based reference capture
skill export and install scripts
secret handling or accidental credential exposure

There aren't any published security advisories