If a vulnerability affects credentials, sandbox boundaries, file access, permissions, shell execution, MCP integration, or session persistence, please report it privately rather than opening a public issue.

Include:
- a clear description of the issue
- impact and affected area
- reproduction steps or a minimal proof of concept
- any suggested mitigation, if available

Security-sensitive areas in Essentials include:
- authentication and credential storage
- permission checking and tool approval flows
- shell command execution
- sandbox behavior and path validation
- file read/write/edit boundaries
- MCP client integration
- session persistence and exported transcripts

Please allow time to validate and patch the issue before public disclosure.

For non-sensitive bugs, use the normal issue tracker instead.