Please do not open public GitHub issues for security vulnerabilities.
If you discover a security issue in this project, report it privately so it can be addressed before public disclosure.
- Preferred: GitHub Security Advisories — open a private report via this repository's Security → Report a vulnerability tab (works for any fork; no email setup needed).
- Optional email contact — maintainers of a fork may add their own security
email here (e.g.
security@your-domain.example). Omit it to rely solely on GitHub Security Advisories.
Please include:
- A description of the issue and its potential impact
- Steps to reproduce (proof-of-concept if available)
- Any relevant logs, configuration, or environment details (with secrets redacted)
We will acknowledge your report, investigate, and keep you informed of the resolution. We appreciate responsible disclosure and will credit reporters who wish to be acknowledged.
- This repository is a fraud-detection automation toolkit intended to be run against your own data sources. It ships no credentials; all secrets are supplied at runtime via environment variables.
- Never commit real user data, credentials, or internal infrastructure
identifiers. Use placeholders (e.g.
user@example.com,YOUR_GCP_PROJECT). - Report any accidental exposure of secrets or personal data to the security contact above so credentials can be rotated and data handled appropriately.