Thanks for taking the time to disclose responsibly.
Please use GitHub's private vulnerability reporting on this repository. That keeps the report visible to the maintainer without exposing the details publicly.
If private reporting is unavailable for any reason, open a regular issue
titled "security: <brief description>" with no exploit details in the body,
and the maintainer will reply with a private channel.
In your report, please include:
- A description of the issue and its potential impact.
- Steps to reproduce — minimal is fine, a full PoC is not required.
- Affected versions if you've narrowed them down.
- Whether you'd like to be credited in the eventual fix.
What to expect:
- Initial acknowledgement within a few days.
- A fix or mitigation plan within ~30 days for confirmed issues; longer for cases that require coordinated disclosure with upstream dependencies.
- Public credit once a fix has shipped, if you'd like.
This project is a local-only static-analysis tool. It runs on a
developer's machine, reads the analyzed project, and writes the resulting
graph to .understand-anything/. It does not phone home and the dashboard's
file-content endpoint is gated behind an access token and a graph-derived
path allowlist.
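As an added illustration of the gating described above (not the project's own code), the block below shows the shape of such a check: a constant-time comparison of the access token, a graph-derived allowlist of canonicalised file paths, and a containment check that resolves symlinks and traversal before comparing. The project layout, file names, token value and graph contents are constructed for the example.

```python
import hmac
import os
import tempfile
from pathlib import Path


class Forbidden(Exception):
    """Raised when a request fails the token, containment or allowlist check."""


def build_allowlist(root: str, graph_paths) -> set:
    """Canonicalise the file paths that appear in the analysis graph.

    Only entries that resolve to a regular file inside the analyzed root
    survive. A hostile project cannot smuggle an outside path into the
    graph because realpath() follows symlinks and '..' before the check.
    """
    real_root = os.path.realpath(root)
    allowed = set()
    for p in graph_paths:
        candidate = os.path.realpath(os.path.join(real_root, p))
        if os.path.commonpath([real_root, candidate]) == real_root and os.path.isfile(candidate):
            allowed.add(candidate)
    return allowed


def serve_file(root: str, allowlist: set, expected_token: str, presented_token: str, requested: str) -> bytes:
    """Return file bytes only if the token matches and the path is allowlisted."""
    # 1. Token check in constant time so a comparison oracle leaks nothing.
    if not hmac.compare_digest(expected_token.encode(), presented_token.encode()):
        raise Forbidden("bad token")
    real_root = os.path.realpath(root)
    # 2. Canonicalise the requested path. An absolute 'requested' overrides
    #    the join, and symlinks/'..' are resolved, so the later checks see
    #    the real target rather than the spelling the client sent.
    candidate = os.path.realpath(os.path.join(real_root, requested))
    # 3. Containment via commonpath compares path components, not string
    #    prefixes, so '/proj' and '/proj-evil' are not confused.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise Forbidden("outside analyzed directory")
    # 4. Membership in the graph-derived allowlist (defence in depth).
    if candidate not in allowlist:
        raise Forbidden("not in graph allowlist")
    with open(candidate, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Constructed scenario (hypothetical project): one legitimate graph file,
    one file not in the graph, and a symlink and graph entry that escape root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "project")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "src"))
        os.makedirs(outside)
        Path(root, "src", "app.py").write_text("print('hi')\n")
        Path(root, "src", "secret.py").write_text("TOKEN = 'x'\n")
        Path(outside, "secret.txt").write_text("outside\n")
        os.symlink(os.path.join(outside, "secret.txt"), os.path.join(root, "link.txt"))

        # Graph written by a hostile project: two of three entries try to escape.
        graph_paths = ["src/app.py", "link.txt", "../outside/secret.txt"]
        allowlist = build_allowlist(root, graph_paths)
        token = "s3cret"  # constructed value, not a real secret

        cases = {
            "in_graph": ("src/app.py", token),
            "not_in_graph": ("src/secret.py", token),
            "traversal": ("../outside/secret.txt", token),
            "absolute": (os.path.join(outside, "secret.txt"), token),
            "symlink": ("link.txt", token),
            "bad_token": ("src/app.py", "wrong"),
        }
        results = {"allowlist_size": len(allowlist)}
        for name, (req, tok) in cases.items():
            try:
                results[name] = serve_file(root, allowlist, token, tok, req).decode()
            except Forbidden as exc:
                results[name] = f"forbidden: {exc}"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome!r}")
```

The allowlist is built once from the graph and compared against canonical paths, so a graph entry that points outside the root never becomes servable, and a request that spells an allowed file via a symlink or `..` is judged by where it really resolves.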
Issues we care about:
- Code execution triggered by analyzing a hostile project (for example, a path taken from a hostile file resolving outside the analyzed directory, or untrusted JSON in the graph being executed by the dashboard).
- The dashboard's file-content endpoint serving files outside the allowlist.
- The /understand skill running shell commands derived from untrusted paths or contents.
Issues that are out of scope:
- Bugs that require a malicious local user with write access to the analyzed project (they could just edit the source directly).
- Anything that requires the user to copy a malicious URL and paste it back into the dashboard.