Please report vulnerabilities privately — do not open a public issue.

• Preferred: GitHub private vulnerability reporting — open the Security tab and click "Report a vulnerability".
• Fallback: email [email protected].

This is a maintainer-run hobby project: responses are best-effort, usually within a few days. There is no bug bounty.

TerminalStyles writes to your PowerShell $PROFILE and Windows Terminal's settings.json, fetches background images over HTTPS, and (on bootstrap installs only) runs an unauthenticated daily update check against the GitHub API. Reports about those write/fetch paths — profile injection, settings corruption, update-check tampering — are explicitly welcome.