oss-maintainer-kit is an initial-stage open-source project. Security fixes should target the current main branch unless release branches are introduced later.

Please do not publish sensitive vulnerability details in a public issue.

Send a private report to the maintainer with:

• A short description of the issue.
• Steps to reproduce.
• Affected files or commands.
• Any relevant input data, with secrets removed.

Do not commit API keys, access tokens, private repository data, or personal information. The default CLI workflow does not require an OpenAI API key.