Please do not open a public GitHub issue for security vulnerabilities.
Use GitHub private vulnerability reporting:
https://github.com/kitsuyui/invisible/security/advisories/new
Include the following details when possible:
- affected version or commit;
- a short impact summary;
- steps to reproduce or a minimal proof of concept;
- whether hidden messages, generated text, terminal output, or input files can be exposed, corrupted, or misdecoded.
The maintainer will review the report as soon as possible. If the issue is confirmed, a fix and public advisory will be prepared after coordinated disclosure is appropriate.