Please do not open a public issue for a security problem.

Use GitHub's private reporting: on the repository's Security tab, choose Report a vulnerability. If that is unavailable, contact the maintainer through github.com/cfregly.

Include the version or commit, what you found, and a minimal way to reproduce it. Expect an acknowledgement within a few days.

This tool is a deterministic planner and demo. It reads the readout you point it at and writes a plan. It does not send mail, spend, post, or take any outward action on its own. That boundary is the point of the project, and the --audit-gates check enforces it. Where a tool can call the Anthropic API (an optional judge or a live example), it does so only when you supply a key and ask for it. Keep keys in a local .env that git ignores, and never commit one.