Security: ProofPacket/proofpacket

SECURITY.md

Security Policy

ProofPacket is designed to avoid storing raw prompts, outputs, files, local paths, source URLs, and secrets by default. Security-sensitive reports are welcome.

Reporting

Please do not open a public issue for a vulnerability that could expose user data. Email the maintainer or use GitHub's private vulnerability reporting if enabled on the repository.

Scope

Interesting reports include:

  • Raw content captured despite default privacy settings
  • Hash verification bypasses
  • Packet tampering that verifies as valid
  • Source URL, local path, or filename leaks in default mode
  • Dependency or packaging issues that affect users

ProofPacket is not a sandbox, policy engine, DLP system, or compliance product.

There aren't any published security advisories