Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via one of the following methods:

Use GitHub's private vulnerability reporting to submit a report directly.

Send an email to the maintainers with:

• A description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any suggested fixes (optional)

• Acknowledgment: Within 48 hours of your report
• Initial Assessment: Within 7 days
• Resolution Timeline: Depends on severity and complexity

We will keep you informed of progress toward a fix and may ask for additional information or guidance.

• We follow coordinated disclosure
• Security fixes will be released as soon as practical
• We will credit reporters in release notes (unless anonymity is requested)

This security policy applies to:

• The project's CLI tool
• The project's source
• Official distribution channels (crates.io, GitHub releases)

When using these tools:

• Keep your installation up to date
• Verify checksums when downloading releases
• Report any suspicious behavior

Thank you for helping keep our code secure!