This repository is a public documentation and publication repository. It should not contain private implementation code, credentials, private prompts, internal logs, unpublished operational traces, or sensitive user data.
Security reports for this repository should focus on:
- accidental disclosure of private implementation details
- committed credentials or signing material
- sensitive operational logs or private prompts
- unsafe public publishing configuration
- misleading links that could route readers to untrusted artifacts
Implementation vulnerabilities in private source code are out of scope for this public repository.
Do not post sensitive disclosure details in a public issue.
Use GitHub's private vulnerability reporting flow if it is enabled for the repository. If it is not enabled, contact the maintainers privately through the GitHub account or organization that owns the repository.
本仓库是公开文档与发布仓库,不应包含私有实现代码、凭证、私有 prompt、内部日志、未公开运行痕迹或敏感用户数据。
本仓库的安全报告应聚焦于:
- 意外泄露私有实现细节
- 提交了凭证或签名材料
- 暴露敏感运行日志或私有 prompt
- 不安全的公开发布配置
- 可能把读者引向不可信 artifact 的误导性链接
私有源码中的实现漏洞不属于本公开仓库的处理范围。
请不要在公开 issue 中发布敏感披露细节。
如果仓库启用了 GitHub private vulnerability reporting,请使用该流程。如果没有启用,请通过拥有本仓库的 GitHub 账号或组织私下联系维护者。