If you believe you have found a security vulnerability in webpipe, please report it privately.

• Do not open a public issue with exploit details.
• Include:
  • affected version / commit
  • minimal reproduction steps
  • impact assessment (what an attacker can do)

webpipe performs network fetches. Treat all fetched content as untrusted input.