Verified on 2026-03-26.
- untrusted remote HTML/API responses from manga sources
- local filesystem writes for archives and optional logs
- outbound HTTP access to third-party manga sources
- GitHub release and container publishing pipeline
- no multi-user server surface
- no database or credential store in repo code
- primary security risks come from third-party content and supply chain dependencies
- validate source inputs before network work
- keep archive output under explicit user-selected directories
- prefer shared HTTP code paths over ad hoc adapter-local clients
- document new dependencies before adoption
- no documented vuln-scanning routine beyond normal dependency hygiene
- no dedicated egress allowlist or source isolation controls
- no CI checks focused specifically on dependency or docs-governance risk