This project is self-hosted software. Security reports should focus on:

• local web UI issues
• unsafe file handling
• accidental exposure of cookies, sessions, or local secrets
• dependency vulnerabilities in committed code or install flow

• platform-side anti-bot behavior
• account lockouts caused by local usage
• copyright or platform policy complaints

Do not open a public issue for a security problem that could expose local data.

Report privately with:

• affected file or feature
• steps to reproduce
• impact
• suggested mitigation if known

If you cannot report privately, open a minimal public issue without secret or exploit details.