Security
The canonical security policy is in the repository root at SECURITY.md.
Private reporting contact
Send vulnerability reports to clawlter@mehalter.com.
If private email is not available, open a minimal public issue that requests a private channel without including exploit details.
Most relevant issue classes
- path traversal or root-escape behavior
- unintended sensitive-data exposure in output
- denial-of-service style regex behavior
- file handling that reads outside the requested scan root