If you discover a security vulnerability in Alice, please report it responsibly.

Do not open a public issue.

Instead, use GitHub's private vulnerability reporting to submit your report.

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

Alice is a CLI installer and launcher. It does not handle credentials, tokens, or sensitive data directly. However, we take all reports seriously.