Please do not open public issues for security vulnerabilities.

Use GitHub Security Advisories to report vulnerabilities privately. This is the preferred method.

Alternatively, email security@usewayfind.ai.

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Potential impact

• Code execution vulnerabilities in the CLI or hooks
• Data exfiltration from state files or journals
• Credential exposure in logs or output
• Authentication bypass in the Slack bot

• Acknowledge: Within 48 hours
• Assessment: Within 1 week
• Fix: Depends on severity, but we aim for patches within 2 weeks for critical issues

Only the latest version published to npm is supported with security updates.