Hamlet's Ghost is a local research instrument with write endpoints protected by an admin token.

Do not report vulnerabilities by posting secrets, exploit details, or live credentials in a public issue. If GitHub private vulnerability reporting is enabled for the public repository, use that channel. If it is not enabled, open a public issue titled Security contact request with no sensitive details so a private channel can be arranged.

Rotate any token that may have been exposed while reproducing a problem.