# Security Policy
Panasyn executes the user's configured shell through a PTY and renders
untrusted byte streams from local processes. Treat parser, PTY, clipboard, and
replay code as security-sensitive.
## Reporting
Please report vulnerabilities privately to the project maintainer before filing
a public issue. If the repository has no published security contact yet, open a
minimal issue asking for a private disclosure channel without including exploit
details.
## Expectations
- Parser panics on malformed input are security bugs.
- Unsafe FFI must stay narrow, documented by surrounding code, and covered by
normal tests or replay/fuzz coverage.
- Dependencies should be checked with `cargo audit` before release.