# Security Policy
Report vulnerabilities via GitHub's private vulnerability reporting.
DO NOT open public issues for security vulnerabilities.
We care about: graph file integrity, MCP server sandbox bypasses,
code injection through parsed sources, privilege escalation, memory safety.