Please do not open public issues for security vulnerabilities.

To report a security vulnerability, please email: contact@workingmem.ai

We will respond within 48 hours and provide updates as the issue is addressed.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

This tool:

• Makes HTTP requests to AustLII and jade.io
• Does not store user data
• Does not require authentication
• Runs locally as an MCP server
• Extracts digital text from PDFs via pdf-parse (no OCR)

• Keep dependencies updated (npm audit fix)
• Review source code before running
• Use in trusted environments only
• Be aware of rate limiting when querying public APIs

• Run npm audit before submitting PRs
• Follow secure coding practices
• Report vulnerabilities privately
• Test security-related changes thoroughly

We monitor dependencies for vulnerabilities using:

• npm audit
• Dependabot alerts
• Regular dependency updates

This tool makes requests to:

• AustLII (public legal database)
• jade.io (if user provides URLs)

Users should:

• Respect terms of service of these platforms
• Implement rate limiting in production use
• Not expose this tool to untrusted input sources

Security updates are released as soon as possible after a vulnerability is confirmed. Users should:

• Subscribe to GitHub releases
• Monitor npm advisories
• Update promptly when security releases are published

For security-related questions: contact@workingmem.ai

For general questions: Open a GitHub issue