
Security: josudia/2nddocopinion


SECURITY.md

Security policy

Scope

This is a small open-source tool used by individuals to prepare second-opinion conversations with their own physicians. Threats we care about, in priority order:

  1. Patient data leakage — e.g. a code path that sends un-anonymized DICOM tags or report text to an LLM, a missing redaction rule that leaves PHI in data/anon/, a .gitignore gap that lets data/ get committed.
  2. Auth / credential mishandling — accidentally logging ANTHROPIC_API_KEY, committing .env files, leaking the project-local UID-rehash salt.
  3. Supply-chain / dependency vulnerabilities in the medical / image / LLM stack (pydicom, Pillow, weasyprint, anthropic, claude-agent-sdk).
  4. Prompt-injection vectors that could trick the LLM into ignoring the disclaimer or producing diagnostic claims framed as definitive.

Reporting a vulnerability

Do not open a public GitHub issue for security problems. Instead, email the maintainer privately at the address listed on the maintainer's GitHub profile.

Please include:

  • A short description of the issue.
  • Steps to reproduce, ideally with synthetic input only.
  • Your assessment of impact (patient data leakage? privacy degradation? remote code execution?).
  • Any suggested mitigation.

We will respond within 7 days. Critical privacy issues will be patched and disclosed with credit (if desired) within 30 days.

Out of scope

  • General medical accuracy of the LLM output. The disclaimer covers this — the tool is not a medical device.
  • Pricing / billing of the underlying LLM API.
  • Issues that require the attacker to already have local file-system access to your machine.

Hardening that ships with the tool

  • data/, *.dcm, DICOMDIR, .env, project-local .salt are gitignored.
  • Anonymization is allowlist-based; any DICOM tag not on the allowlist is dropped by default.
  • The audit gate is fail-closed; no external LLM call happens unless audit-report.json is green.
  • The PreToolUse hook in the claudeshome workspace (separate, in the maintainer's setup) adds defense-in-depth for upload / commit / rsync paths touching data/.
  • Disclaimer footers are written by the PDF builder, not optional.
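The two design choices above, allowlist-based redaction and a fail-closed gate, as an added illustration that is not the project's own code. It assumes a dataset represented as a dict keyed by DICOM keyword, a small constructed allowlist, and an audit-report.json with a top-level "status" field; the real tool's rule set and report schema may differ.

```python
import json
from typing import Any, Dict

# Constructed allowlist for this example (assumption, not the project's actual rules).
ALLOWED_KEYWORDS = frozenset({"Modality", "StudyDate", "BodyPartExamined"})

# Constructed sample dataset; the private tag and OtherPatientIDs stand in for
# the kind of identifier a hand-written denylist tends to forget.
SAMPLE_TAGS: Dict[str, Any] = {
    "PatientName": "DOE^JANE",
    "PatientID": "123456",
    "OtherPatientIDs": "987654",
    "(0009,0010)": "VENDOR PRIVATE CREATOR",
    "Modality": "CT",
    "StudyDate": "20240101",
    "BodyPartExamined": "CHEST",
}


def anonymize_allowlist(tags: Dict[str, Any]) -> Dict[str, Any]:
    """Keep only allowlisted keywords; unknown, private or newly added tags
    are dropped without anyone having to list them."""
    return {k: v for k, v in tags.items() if k in ALLOWED_KEYWORDS}


def anonymize_denylist(tags: Dict[str, Any],
                       blocked: frozenset = frozenset({"PatientName", "PatientID"})
                       ) -> Dict[str, Any]:
    """The weaker alternative, shown for contrast: strips only what was remembered."""
    return {k: v for k, v in tags.items() if k not in blocked}


def audit_gate_allows(report_text: str) -> bool:
    """Fail-closed gate over audit-report.json: an external LLM call is permitted
    only when the report parses as an object and explicitly says "green".
    A missing, empty, malformed or non-green report blocks the call."""
    try:
        report = json.loads(report_text)
    except (json.JSONDecodeError, TypeError):
        return False
    return isinstance(report, dict) and report.get("status") == "green"


if __name__ == "__main__":
    print("denylist keeps:", sorted(anonymize_denylist(SAMPLE_TAGS)))
    print("allowlist keeps:", sorted(anonymize_allowlist(SAMPLE_TAGS)))
    print("gate (green):", audit_gate_allows('{"status": "green"}'))
    print("gate (missing report):", audit_gate_allows(""))
```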
