Do not open public issues for vulnerabilities, credentials, private host details, or customer/site-specific information.
For security reports, email ai4avofficial@gmail.com privately. Include:
- affected spec, tool, or site path
- impact
- reproduction steps
- whether any credential, private network, or customer detail is involved
We aim to acknowledge reports within 7 days on a best-effort basis. There is no bounty program.
The public catalog should contain published device-control facts only. Secrets, private runner details, private maintenance configuration, raw source cache contents, and scraper internals are out of scope for this repository.