Scriptographer executes PowerShell scripts across Windows machines, so security reports are appreciated and should be handled privately.
Please do not open a public issue for suspected vulnerabilities.
Use GitHub private vulnerability reporting if it is available for this repository. If it is not available, open a minimal issue asking for a private contact channel without including exploit details, credentials, target names, logs with secrets, or proof-of-concept code.
Include when possible:
- Affected version or commit
- Impact and affected feature area
- Reproduction steps
- Relevant logs with sensitive values removed
- Suggested mitigation, if known
Security fixes target the current main branch unless a maintained release branch is documented.
Reports involving script execution, credential handling, remote deployment behavior, local database storage, log exposure, packaging, or privilege boundaries are in scope.