CohortLint operates locally and does not contain telemetry or upload genomic files.
Reports may contain local file paths, sample identifiers, read-group sample names, and VCF sample names. Treat generated reports according to the same institutional data-handling policies that apply to the manifest.
Do not submit protected health information, access tokens, private storage URLs, genomic records, or unredacted reports through public GitHub issues.
For a suspected vulnerability, contact the maintainer privately through the security advisory interface of the GitHub repository. Include a minimal reproduction that does not contain sensitive research data.