Please do not open a public issue for security reports. Use GitHub private vulnerability reporting:

1. Open the repository on GitHub.
2. Go to Security.
3. Choose Report a vulnerability.

llm-note is local-first and does not send data to network services by itself. Please report issues related to unsafe file handling, accidental data exposure, command execution, packaging, or dependency metadata.