Please do not report vulnerabilities in public issues.
Use GitHub private vulnerability reporting:
https://github.com/ai-driven-dev/manifest/security/advisories/new
Security contact is also published at:
https://www.ai-driven-development.org/.well-known/security.txt
Useful reports include affected URLs or files, reproduction steps, expected impact, and any relevant logs or proof of concept details.
Do not access, modify, or delete data that does not belong to you.