Please report security issues privately by emailing hello@specdd.ai.

Do not open public issues or pull requests for suspected vulnerabilities.

Include enough detail to reproduce or understand the issue, including affected versions, editor actions, relevant files, workspace layout, and any proof of concept if available.

We will review reports and coordinate fixes before public disclosure where appropriate.

Do not commit GitHub tokens, registry credentials, generated credential stores, or command output that includes secret values.