Security fixes are handled on the default branch until versioned releases are introduced.

Do not open a public issue for vulnerabilities, secrets, or private document exposure.

Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled, contact the repository owner through the private channel listed on their GitHub profile.

Please include:

• A short description of the issue.
• Steps to reproduce.
• Impact and affected files or commands.
• Whether sensitive documents, generated OCR output, or credentials may be involved.

This skill processes local PDFs and images. Generated outputs may contain sensitive document text. Review *_ocr.md and hidden .ocr_work/ artifacts, including internal JSON and quality reports, before sharing logs, issues, screenshots, or reproduction cases.

The bundled scripts may install Python dependencies when run with --auto-install-deps. Review dependency changes before using the skill in restricted environments.