If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public issue
- Email: security@mc-code.dev (or open a private security advisory on GitHub)
- Include: description, steps to reproduce, impact assessment
We will respond within 48 hours and aim to release a fix within 7 days.
- Command injection via bash tool
- Path traversal in file operations
- API key exposure
- Permission bypass