If you find a security issue in Riprap, please report it privately so it can be triaged before disclosure.
- Email: msrahmanadam@gmail.com (subject prefix: [riprap-security])
- Or open a GitHub Security Advisory on this repository.
Please do not file a public GitHub issue for security reports.
We aim to acknowledge reports within 72 hours and to ship a fix or a mitigation plan within two weeks of triage. If the report concerns a vulnerability in an upstream model or service Riprap depends on (IBM Granite, vLLM, Hugging Face Spaces, NYC Open Data endpoints), we will help coordinate disclosure with the upstream maintainer.
Riprap is a citation-grounded synthesis layer over public-record data. By design, the runtime:
- contacts only public-record APIs (NYC Open Data, FloodNet, USGS, NOAA, NWS, NYS DOH, MTA, NYCHA, NYC DOE, OpenStreetMap / Nominatim) and the configured inference Spaces;
- does not authenticate against user accounts or store user-identifying data — the address bar is the only input;
- runs the SvelteKit UI as a static SPA over a FastAPI backend with no persistent database.
The vulnerability surface is therefore small. Plausible categories worth a report:
- Prompt-injection paths via document content that escape the Mellea grounding loop and surface unverifiable claims as cited.
- SSRF / abuse via crafted address strings that drive backend HTTP calls to unintended hosts.
- Token leakage in proxy headers or SSE streams (inference-vllm/proxy.py, web/main.py).
- Denial-of-service patterns that exceed the hosted Space's resource budget.
- Supply-chain issues in pinned deps (requirements.txt, web/sveltekit/package.json).
Out of scope:
- Self-hosted deployments running with custom configuration or custom datasets — please file those as regular bugs.
- Findings that require physical or local-network access to a user's machine.
- Issues in the lablab.ai or Hugging Face Spaces hosting platforms themselves; please report those upstream.