Security: roccia/human_mode

Security Policy

Human Mode is a local desktop app that can inspect processes, read supported browser tab metadata, send notifications, and optionally close matching targets. Security reports should focus on those boundaries.

Supported Versions

Version   Supported
0.1.x     Yes

Reporting a Vulnerability

Please do not open a public issue for vulnerabilities that expose private data, allow unintended process termination, or bypass user consent.

Send a private report to the project maintainer through GitHub Security Advisories once the repository is public. Include:

  • Operating system and version.
  • Human Mode version or commit.
  • Reproduction steps.
  • Expected and actual behavior.
  • Logs or screenshots with private data removed.

Scope

In scope:

  • Reading more browser data than documented.
  • Closing a process or tab that is not a watched target.
  • Persisting settings or usage data unexpectedly.
  • Permission prompts that misrepresent what the app does.

Out of scope:

  • Bypassing Human Mode by renaming tools, changing domains, or using unsupported browsers.
  • Reports that require malware, admin-level tampering, or physical access.
  • General complaints that AI blocking is not strict enough.
