If you discover a security vulnerability in SPAC-KIT, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email us at: auto@pirsquare.net

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Assessment: Within 1 week
• Fix: Depending on severity, typically within 2 weeks

This policy applies to:

• @pirsquare.auto/spac-kit npm package
• n8n-nodes-spac-kit-pirsquare npm package
• The MCP server (bin/mcp-server.js)
• The AI auto-fill feature (src/fill/)

• The generated spec template content (user-created files)
• Third-party dependencies (report to their respective maintainers)