If you discover a security vulnerability in this project, please report it by creating a new issue labeled "security".
For sensitive security matters that should not be disclosed publicly, please contact the maintainers directly.
- Provide as much information as possible about the vulnerability
- Include steps to reproduce if applicable
- If you have a suggested fix, feel free to mention it
We take security seriously and will:
- Acknowledge receipt of your vulnerability report in a timely manner
- Verify the vulnerability and determine its impact
- Release patches as quickly as possible for confirmed vulnerabilities
When using this GitHub Action:
- Always pin to a specific version rather than using `@main` to avoid unexpected changes
- Use the least privileged GitHub token permissions needed for your workflow
- Be cautious when using the `issue-fix` mode, which can modify code
- Use the label-based approach for issue fixes to limit who can trigger code changes
- Keep your Anthropic API key secure
- Keep your Anthropic API key secure
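
The first two recommendations can be checked mechanically. The script below is an added example, not code from this project: it flags `uses:` references that track a branch and workflows with no explicit `permissions:` block. The action name `example-org/example-action`, the label `ai-fix`, the commit SHA and both sample workflows are constructed placeholders, and the tag-versus-SHA note goes a step beyond the list above.

```python
import re

# "uses: owner/repo[/path]@ref"; commented-out lines and local "./" actions do not match.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.\-/]+)@([^\s'\"#]+)", re.M)
PERMISSIONS_RE = re.compile(r"^\s*permissions:", re.M)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
MUTABLE_BRANCHES = {"main", "master", "develop", "HEAD"}

def audit_workflow(text):
    """Return (severity, message) findings for the text of one workflow file."""
    findings = []
    for action, ref in USES_RE.findall(text):
        if ref in MUTABLE_BRANCHES:
            findings.append(("high", f"{action}@{ref} tracks a branch; pin a version"))
        elif not FULL_SHA_RE.fullmatch(ref):
            findings.append(("info", f"{action}@{ref} is a tag; a full commit SHA cannot be moved"))
    if not PERMISSIONS_RE.search(text):
        findings.append(("medium", "no permissions: block; GITHUB_TOKEN uses the repository default"))
    return findings

# Constructed sample: branch-pinned action, no token permissions, runs on any new issue.
SAMPLE_BAD = """\
on:
  issues:
    types: [opened]
jobs:
  fix:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@main
"""

# Constructed sample: SHA-pinned (placeholder SHA), scoped token, label-gated trigger.
SAMPLE_GOOD = """\
on:
  issues:
    types: [labeled]
permissions:
  contents: write
  issues: write
jobs:
  fix:
    if: github.event.label.name == 'ai-fix'
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for severity, message in audit_workflow(SAMPLE_BAD):
        print(f"[{severity}] {message}")
```
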