Security updates are handled for the latest published version of @tasklight/pi-tasklight.

Please report security issues privately instead of opening a public issue.

Use GitHub's private vulnerability reporting if it is enabled for this repository. If it is not enabled, contact the maintainer directly through the repository owner profile.

Please include:

• affected version,
• steps to reproduce,
• impact,
• any suggested fix or mitigation.

Pi Tasklight is a local Pi extension that invokes the Tasklight CLI. Reports related to local command execution, unexpected file access, or unsafe notification behavior are in scope.

Tasklight CLI issues should be reported to the Tasklight project.