If you discover a security issue in OpenPrd, please do not open a public issue with exploit details.
Send a private report with:
- affected version / commit
- reproduction steps
- impact assessment
- any suggested mitigation
If no dedicated reporting channel is available, contact the maintainer through a private channel first.
Relevant examples include:
- credential leakage
- unsafe file export behavior
- diagram contract injection leading to unsafe output
- issues that could expose sensitive data in `.openprd/workspaces`