Please do not report security vulnerabilities in public GitHub issues.
Use GitHub private vulnerability reporting if it is available for this repository. If it is not available, contact the maintainer privately with:
- a short description of the issue
- affected versions or commits if known
- reproduction steps
- any known impact
Murph is local-first and can interact with local credentials, messaging providers, model providers, and connected work sources, so avoid sharing secrets, tokens, private workspace data, or exploit details publicly.