LabKits is currently pre-1.0. Security fixes land on main until versioned releases begin.
Please report security issues privately to the maintainer instead of opening a public issue. Include:
- A short description of the issue.
- A reproduction path or affected file.
- Whether credentials, private papers, unpublished data, or local machine access are involved.
Security-sensitive areas include installer scripts, archive packaging, agent harness instructions, and any future runtime adapters that execute commands or read local files.
LabKits should not contain private papers, user chat logs, credentials, tokens, or unpublished review material. Use synthetic examples in issues and pull requests.