Please report suspected vulnerabilities through GitHub private vulnerability reporting:

https://github.com/Chachamaru127/claude-code-harness/security/advisories/new

If private reporting is unavailable, open a public issue with only the affected component and high-level impact. Do not include exploit payloads, secrets, tokens, or sensitive local paths in a public issue.

Security fixes are shipped in the latest release. Users should update to the newest claude-code-harness version after a security advisory is resolved.