If you discover a security vulnerability, please report it responsibly via GitHub Security Advisories rather than opening a public issue.

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days.

This policy covers the llm-cli-setup codebase. Issues with the CLI tools it installs (sqlcmd, gh, atl, etc.) should be reported to their respective projects.