Security: Th3Mouk/Maestro

SECURITY.md

Security Policy

Reporting

Report vulnerabilities through a private channel before any public disclosure.

Sensitive areas

  • pack hook resolution and execution
  • write and branch policies
  • generated runtime projection
  • GitHub integration and associated permissions
  • manipulation of repositories cloned into repos/

What to include

  • a minimal reproduction scenario
  • the impact on workspaces, packs, or target repositories
  • whether privilege escalation or scope escape is possible

There aren't any published security advisories