Please report security vulnerabilities responsibly.
- Do not open a public issue with exploit details.
- Use GitHub private vulnerability reporting when available.
- Include a clear description, impact, and reproduction steps.
We will acknowledge reports as quickly as possible and work on a fix.
- Never commit API keys or credentials.
- Prefer environment variable references in YAML, for example
${OPENROUTER_API_KEY}. - Keep
.envlocal and out of version control.