Security: DizzyMii/TestWeave

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.x

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please report it responsibly.

How to Report

Do not open a public issue for security vulnerabilities.

Instead, please:

  1. Email the maintainers directly at [INSERT SECURITY EMAIL]
  2. Include the following information:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

What to Expect

  • Acknowledgment: You'll receive a response within 48 hours
  • Investigation: We'll investigate and validate the report
  • Fix: If confirmed, we'll develop and test a fix
  • Disclosure: We'll coordinate disclosure with you

Disclosure Timeline

  • We aim to fix critical vulnerabilities within 7 days
  • We aim to fix medium/low vulnerabilities within 30 days
  • We'll credit you in the release notes (unless you prefer to remain anonymous)

Security Best Practices

When using TestWeave:

  • Keep your dependencies up to date
  • Review generated test code before running
  • Don't include sensitive credentials in test files
  • Use environment variables for secrets

Known Security Considerations

  • TestWeave generates code that may interact with web applications
  • Generated selectors should be reviewed for potential injection risks
  • Always run tests in isolated environments when possible

Contact

For security concerns, contact: [INSERT CONTACT METHOD]

There aren’t any published security advisories