If you believe you've found a security issue in wfkit, please don't open a public issue first.
Instead:
- Create a private security report through GitHub, if available.
- If that isn't available, contact the maintainer directly and include:
- what the issue is
- how it can be reproduced
- what impact you believe it has
Please give maintainers reasonable time to investigate and fix the issue before public disclosure.
Helpful reports usually contain:
- affected command or workflow
- exact version
- operating system
- proof of concept or reproduction steps
- impact assessment
Maintainers will review the report, validate it, and coordinate a fix when appropriate.
Response times can vary, but good reports make triage much faster.