# Security Policy
## Reporting a Vulnerability
If you discover a security vulnerability in linear-cli, please report it responsibly.
**Do not open a public issue.**
Instead, use [GitHub's private vulnerability reporting](https://github.com/aaronkwhite/linear-cli/security/advisories/new).
## Scope
linear-cli handles Linear API keys. Security issues we care about:
- API key leakage (logging, error messages, crash dumps)
- Command injection via user input
- Dependency vulnerabilities
## Response
We aim to acknowledge security reports within 48 hours and provide a fix or mitigation plan within 7 days.