Do not open a public GitHub issue for suspected security problems.
Use a non-public contact method associated with the repository maintainer.
Include, when available:
- a description of the issue
- affected files or areas
- reproduction details
- potential impact

This repository currently contains the Talos Python scoring core, tests, and supporting documentation.
Report privately if you find:
- exposed secrets or credentials
- non-public references or URLs
- unsafe workflow or automation configuration
- security-sensitive behavior in the public package or CLI
- other security-sensitive repository content

Do not disclose a suspected vulnerability publicly before maintainer review.