Skip to content

Security: KazKozDev/cbt-assistant

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please do not open public GitHub issues for security-sensitive problems.

Report vulnerabilities privately with:

  • a clear description of the issue
  • affected files, endpoints, or flows
  • reproduction steps or proof of concept
  • expected impact

Until a dedicated private reporting channel is added, use the contact links listed in README.md and clearly label the message as a security report.

Scope

Security-relevant issues may include:

  • unsafe handling of personal or session data
  • prompt injection or unsafe tool behavior
  • exposed local services or unintended remote access
  • unsafe file handling or command execution paths
  • weaknesses in report export, TTS, or sync endpoints

Disclosure

Please allow reasonable time for triage and remediation before public disclosure.

There aren't any published security advisories