If you believe you've found a security vulnerability in Agent Library, please do not open a public GitHub issue.

Instead, report it privately by email to security@arcade.dev. Include:

• A description of the issue and the impact you believe it has.
• Steps to reproduce, or a proof-of-concept if you have one.
• Any suggested mitigations.

We'll acknowledge receipt and work with you on a coordinated disclosure timeline.

Agent Library is a community project, not an official Arcade.dev product (see the README for the full support story). Security reports for the project itself are still routed through security@arcade.dev so they're handled with the same disclosure process Arcade.dev uses internally.