If you discover a security vulnerability in CopilotOnToast, please report it privately using GitHub Security Advisories.
Do not report security vulnerabilities through public GitHub issues, as this may expose the vulnerability to others before a fix is available.
Please provide as much of the following information as possible to help understand and resolve the issue quickly:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The potential impact (e.g. arbitrary code execution, privilege escalation)
- Any suggested mitigations or fixes, if you have them

You can expect an initial acknowledgement within 5 business days. We will work with you to understand the issue and coordinate a fix and disclosure timeline.
For general bugs and non-security issues, please open a regular issue.