If you discover a security vulnerability in spass-tools, please report it responsibly:

1. Do not open a public issue
2. Open a private security advisory with a description of the vulnerability
3. Include steps to reproduce if possible

You should receive a response within 48 hours.

This project handles sensitive data (passwords). Security issues related to the encryption/decryption process, key derivation, or data leakage are considered high priority.