Skip to content

Security: ozbayorcun/runtime-proof-kit

Security

SECURITY.md

Security

runtime-proof-kit can start local commands, capture screenshots, and write process logs. Treat proof artifacts as potentially sensitive.

Reporting

If you find a security issue, please open a private report through GitHub Security Advisories once the repository is public.

Artifact Safety

Before attaching proof bundles to public issues or pull requests, review:

  • screenshots
  • stdout/stderr logs
  • URLs and query strings
  • visible account names or tokens

The project roadmap includes redaction support, but v0.1 expects users to review artifacts before sharing them.

There aren't any published security advisories