Security: Esquetta/CodexPluginDoctor

Security Policy

Supported Versions

Security fixes target the latest published minor version of codex-plugin-doctor.

Version | Supported
Latest npm release | Yes
Older releases | Best effort

Reporting a Vulnerability

Please do not open a public issue for suspected vulnerabilities.

Report security concerns through GitHub Security Advisories for this repository when available, or contact the maintainer through the GitHub profile linked from the repository owner.

Useful report details:

  • affected version or commit
  • command that triggered the issue
  • target package shape or minimal reproduction
  • whether credentials, local paths, or generated transcripts were exposed
  • expected safe behavior

Security Principles

  • Validation should be local-first and deterministic.
  • Runtime probes should redact generated prompt argument values and avoid leaking secrets.
  • Install previews must not modify local agent configuration files.
  • Future apply/write flows must create backups before mutation.
  • Findings should explain impact and remediation clearly.

There aren't any published security advisories