The sanitizer's threat model and its explicit non-goals are documented in src/doorbell/wakeline.py and in the README (contract rule 5 and the failure-mode matrix).
Report vulnerabilities through GitHub private vulnerability reporting on this repository (Security tab, "Report a vulnerability"). Reports within the stated scope get a response within a week.