Do not open a public GitHub issue for security vulnerabilities.

Report via GitHub Security Advisory or contact the maintainer directly via the GitHub profile.

Include: description, steps to reproduce, potential impact, suggested fix. Response within 7 days.

• No external network calls except localhost (Ollama)
• RAM-only processing, no file writes during analysis
• All IPC commands explicitly allowlisted in Tauri capabilities
• No third-party analytics SDKs