If you discover a security vulnerability in Mycelium, please report it responsibly.

Do not open a public issue.

Instead, email juliarvalenti@gmail.com with:

• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days for critical issues.

This policy covers all repositories in the mycelium-io organization, including:

• mycelium (CLI, backend, client)
• .github (organization configuration)
• Any adapter or plugin repositories