Security: ckdarby/gcommit

SECURITY.md

Security

Reporting a Vulnerability

Please do not open a public issue for a suspected vulnerability.

Report privately through GitHub Security Advisories for this repository. Include:

  • Affected version or commit.
  • Reproduction steps.
  • Expected impact.
  • Whether the issue requires user interaction or a malicious repository.

Security Model

  • gcommit reads staged Git diffs from the local repository.
  • It sends staged diff excerpts to the configured Ollama endpoint.
  • The default Ollama endpoint is http://127.0.0.1:11434.
  • It does not intentionally contact hosted model APIs.
  • Manual commit-message flows delegate to git commit.

Treat the configured Ollama endpoint as trusted. If GCOMMIT_OLLAMA_URL points to a remote server, staged code may be sent to that server.
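
A pre-flight check for the trust boundary described above, as an added example that is not part of gcommit: it reports whether the configured endpoint stays on the local machine before any staged diff is sent. The names `classify_endpoint` and `check_env` are hypothetical, and it assumes an unset or empty GCOMMIT_OLLAMA_URL falls back to the documented default; how gcommit itself parses the variable is not stated on this page.

```python
import ipaddress
import os
import sys
from urllib.parse import urlsplit

DEFAULT_URL = "http://127.0.0.1:11434"  # default endpoint from the security model


def classify_endpoint(url: str) -> str:
    """Return 'loopback', 'remote-plaintext' or 'remote-tls' for an Ollama URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    # .hostname drops any userinfo ("user@") and IPv6 brackets, so a URL such
    # as http://127.0.0.1@10.0.0.5/ is judged by its real host, 10.0.0.5.
    host = parts.hostname
    try:
        local = ipaddress.ip_address(host).is_loopback
    except ValueError:
        # A name, not an IP literal. Only "localhost" is accepted as local;
        # no DNS lookup is made, so every other name counts as remote.
        local = host in ("localhost", "localhost.")
    if local:
        return "loopback"
    return "remote-tls" if parts.scheme == "https" else "remote-plaintext"


def check_env(environ=os.environ) -> tuple[str, str]:
    """Classify the endpoint selected by GCOMMIT_OLLAMA_URL."""
    # Assumption: empty or unset means the default endpoint is used.
    url = environ.get("GCOMMIT_OLLAMA_URL") or DEFAULT_URL
    return url, classify_endpoint(url)


if __name__ == "__main__":
    url, verdict = check_env()
    if verdict == "loopback":
        print(f"ok: {url} stays on this machine")
        sys.exit(0)
    print(f"warning: staged diffs will leave this machine via {url}")
    if verdict == "remote-plaintext":
        print("warning: http:// to a remote host sends the diff unencrypted")
    sys.exit(1)
```

Names other than `localhost` and shorthand forms such as `127.1` are reported as remote on purpose, so the check errs toward a warning.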

There aren't any published security advisories