Report vulnerabilities via GitHub private vulnerability reporting (or open a security-tagged issue if reporting is unavailable).
Scope: this repository and its default configuration (localhost API/UI, stdio MCP).
Operational safety (fleet, desktop automation, pywinauto): see docs/SAFETY.md.
Repo meta (spam, coordinated bad-faith reports, “AI repo” disputes): prefer one factual issue or Discussion — see docs/REPO_HYGIENE.md.