If you believe you have found a security vulnerability in Argent, please avoid posting full exploit details in a public issue right away.

• Prefer GitHub's private vulnerability reporting flow.
• If that is not available, use the most direct private maintainer contact method listed on the repository or profile.
• If private reporting is not possible, keep any initial public report minimal and avoid sharing secrets, exploit steps, or sensitive system details.

Please include:

• a short description of the issue
• affected versions or commit range if known
• reproduction steps
• impact
• any suggested mitigation

Argent is pre-release software. Reports are still very helpful, especially around:

• Electron or webview boundary issues
• filesystem access issues
• terminal execution issues
• secret storage handling
• command injection or path traversal risks

Security reports are appreciated, but there is no guaranteed response SLA yet.