If you find a security issue, do not open a public issue with exploit details.
Use a private disclosure path controlled by the project owner.
- provider auth header handling
- proxy streaming correctness
- regex backtracking behavior
- DNA payload persistence
This repository includes security-sensitive surfaces, but it is still pre-production.