If you discover a security issue in this lab, do not open a public issue.
Email security@ with:
- A description of the issue and its impact.
- Reproduction steps or a proof-of-concept.
- Affected commit or release.
You will receive an acknowledgement within 2 business days and a remediation timeline within 10 business days.
In scope: code, IaC modules, workflows, and AI guardrail configurations in this repository. Out of scope: third-party services referenced in documentation.
We follow coordinated disclosure. Public advisories are published via GitHub Security Advisories once a fix is available.
Only the main branch is actively maintained. Security fixes are not backported to tagged releases unless explicitly noted.