Please do not open public GitHub issues for suspected security vulnerabilities.
Instead, report vulnerabilities privately to the project maintainers with:
- a clear description of the issue
- affected components
- steps to reproduce
- impact assessment
- suggested mitigation, if available

Security-sensitive areas include:
- plugin loading
- archive extraction and traversal
- malformed binary parsing
- command handling
- file export behavior

We appreciate responsible disclosure and will work to validate and address legitimate reports as quickly as possible.