Do not open a public issue for a suspected security vulnerability.
Instead, report it privately to:
ibitato@gmail.com

Please include:
- a clear description of the issue
- affected versions or commits if known
- reproduction steps or proof of concept
- impact assessment if available

Security-relevant areas include:
- local tool execution
- permission handling
- credential handling
- provider request construction
- config and session persistence
- logging and secret redaction

TriadLLM is a small maintained project, so response times are best-effort rather than guaranteed.

The goal is to:
- acknowledge the report
- verify the issue
- fix or mitigate it
- disclose the resolution appropriately

Never include real API keys, tokens, or private credentials in security reports unless strictly necessary. If you must include sensitive material, make that explicit in the message.