reflector is an actively developed research repository. Security reports are still welcome, especially for issues involving automation, publication workflows, dependency handling, or generated artifacts.
Security reports should focus on the current default branch and the repository's published automation surfaces, including the CLI, scripts, and workflow configuration.
Please do not disclose security issues publicly before coordination.
- Report the issue privately through GitHub's security reporting features when available.
- If private reporting is unavailable, contact the maintainer through GitHub before opening a public issue.
- Include reproduction steps, affected files or workflows, and the potential impact.
- a concise description of the issue
- steps to reproduce
- impact and affected surfaces
- suggested remediation, if known