Agent Reliability Kit is local-first and should not collect source code, secrets, cookies, browser profiles, private URLs, or raw private logs.
Please report vulnerabilities privately to the maintainer. Include:
- affected version or commit,
- impact,
- minimal reproduction,
- safe proof of concept with no real secrets.
Do not open public issues for suspected credential leaks or exploitable vulnerabilities.
Fixtures may include synthetic token-looking values only when they are obviously fake and used to test redaction. Real credentials must never be committed.