ForgeTools is a static, client-side web application with no backend, no user accounts, and no data collection. It fetches read-only public data from:
- faforever.github.io/etfreeman-db/
- raw.githubusercontent.com/FAForever/fa/
Security issues are therefore unlikely, but if you find something — for example a malicious dependency, a cross-site scripting vector, or a problem with how external data is handled — please report it privately.
Open a GitHub Security Advisory rather than a public issue. Include a description of the problem and steps to reproduce it.
I'll acknowledge reports within a few days and aim to fix confirmed issues promptly.