If you find a security issue, please email [email protected] instead of opening a public issue. You can also use GitHub's private vulnerability reporting.

Response times:

• Critical (code execution, data leakage): 24 hours
• Other security issues: 48 hours

Security concerns include:

• Command injection or code execution
• Data exposure or leakage
• File system access beyond intended scope
• API key or secret exposure in logs or artifacts

AgentLint's session analysis module reads Claude Code session data from ~/.claude/projects/ to detect repeated instructions and friction patterns. This data may contain conversation content and tool outputs. Session analysis is opt-in (not selected by default) and all processing is local.