Please do not open public issues for security problems.

Use GitHub private vulnerability reporting:

• Create a private advisory: https://github.com/shpitdev/cable-intel/security/advisories/new
• Include repro steps, impact, and any known fix/workaround.

If private advisory creation is unavailable for your access level, contact a maintainer directly and mark the message as SECURITY.

This policy covers:

• Source code in this repository
• CI/CD workflows and repository automation
• Credentials/secrets exposure risks tied to this repository

• Initial triage: within 3 business days
• Status update after validation: within 7 business days

Validated vulnerabilities are prioritized by impact and fixed as quickly as practical. When possible, fixes are released before public disclosure.