Do not submit or commit:
- secrets, API keys, or tokens
- private application code
- private data or customer artifacts
- proprietary screenshots
- personal information
- local machine paths or workflow artifacts

Capability Contracts is a local static scanner. If you believe the tool exposes sensitive data unexpectedly, open a private security report with:
- the command you ran
- the file pattern involved
- the generated output path
- a minimal synthetic reproduction