Security fixes are applied to the latest published @promptc/* packages.

Use GitHub private vulnerability reporting for this repository, or contact the maintainer listed in package.json if private reporting is unavailable.

Do not open a public issue for vulnerabilities involving prompt data exposure, unsafe file handling, or CI/package-publishing credentials.

promptc is designed as an offline compiler. The compile path does not call a language model or external service. File access should remain explicit through CLI arguments or documented APIs.