If you discover a vulnerability, please do not open a public issue with exploit details.

Instead:

1. Use GitHub Security Advisories if available for this repository.
2. Otherwise, open a minimal public issue requesting contact instructions — do not include exploit details, proof-of-concept code, or sensitive information.

Reports will be acknowledged and reviewed promptly.

• No raw prompts, responses, or transcripts are collected by PromptFuel.
• No secrets, tokens, or API keys are stored or transmitted.
• No telemetry is sent by default.
• Avoid logging sensitive local paths or provider data in output, status messages, or diagnostics.