Blanzy Labs repositories are local-first demonstration and developer tools unless a repository states otherwise.
If you believe you have found a vulnerability, please open a private security advisory on GitHub if available, or contact the maintainer through an appropriate non-public channel if one is provided.
Do not disclose vulnerabilities publicly before maintainers have had reasonable time to review and respond.
Do not submit real secrets, tokens, personal data, proprietary data, or client data in public issues, pull requests, discussions, or logs.
If you accidentally commit a secret, revoke or rotate it immediately before opening an issue or notifying maintainers. Removing the value from a later commit does not make the exposed secret safe.
App-specific security details live in each repository's docs/security-and-privacy.md file or equivalent documentation.
Out of scope:
- Social engineering.
- Spam.
- Denial-of-service testing.
- Destructive testing.
- Attacks on third-party model providers.
- Attempts to access data that is not yours.
Local-first apps are not hardened for public internet exposure unless explicitly stated.