Please do not report security vulnerabilities through public GitHub issues.
If you believe you found a vulnerability in Roost, contact the maintainer privately:
- A short description of the issue.
- Reproduction steps, if safe to share privately.
- Impact and affected versions, if known.
- Any relevant sanitized logs or screenshots.
Do not include access tokens, private model files, or credentials unless they are strictly necessary and you have confirmed a safe private channel first.