Please do not open public GitHub issues for security vulnerabilities. Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (optional)
We will respond within 48 hours and aim to patch within 7 days.
In scope: API endpoints, MCP server, SDKs, credits/payment system. Out of scope: third-party services indexed in the Wayforth catalog.