Fluffy Flash performs privileged disk operations and downloads content from the network by design. Review FluffyFlash/README.md (Security) before auditing.

Please do not open a public issue for undisclosed security problems.

1. Open a private vulnerability report via GitHub (Security → Report a vulnerability) if enabled on the repository, or
2. Contact the maintainers through a private channel they publish on the repository or org profile.

Include: affected version, macOS version, and a minimal repro where possible.