runtime-proof-kit can start local commands, capture screenshots, and write process logs. Treat proof artifacts as potentially sensitive.
If you find a security issue, please open a private report through GitHub Security Advisories once the repository is public.
Before attaching proof bundles to public issues or pull requests, review:
- screenshots
- stdout/stderr logs
- URLs and query strings
- visible account names or tokens
The project roadmap includes redaction support, but v0.1 expects users to review artifacts before sharing them.