If you discover a security vulnerability in this project, please report it by opening a GitHub Security Advisory.

Please do not report security vulnerabilities through public GitHub issues.

This project is a data catalog — it contains YAML model data files, TypeScript type definitions, and scrape scripts. Security vulnerabilities in this context would include:

• Malicious code in scrape scripts that could compromise the build environment
• Supply chain vulnerabilities in dependencies
• Data integrity issues where model data is intentionally corrupted

Out of scope:

• Incorrect model pricing or capability data (report as a bug)
• Missing providers or models (report as a provider request)

We aim to acknowledge security reports within 48 hours and provide a fix within 7 days.