If you find a security issue in CodexKit, please report it privately before opening a public issue.

| Version | Supported |
|---|---|
| 0.1.x | Yes |

- scripts that write to unsafe locations
- prompts or templates that encourage insecure behavior
- docs that suggest dangerous defaults
- accidental credential or secret exposure

Open a private security advisory in your Git hosting platform. If private vulnerability reporting is not enabled yet, contact the maintainers through the repository security channel and avoid posting exploit details in a public issue.

- acknowledge within 3 business days
- assess impact and reproduction steps
- ship a fix or mitigation note as quickly as practical