Security: Blue-Bear-Security/nikui

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Nikui, please do not open a public issue.

Instead, report it privately by emailing the maintainers or using GitHub's private vulnerability reporting.

Please include:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact

We will acknowledge your report within 48 hours and aim to release a fix within 14 days for confirmed issues.

Scope

Nikui runs locally and scans code on your machine. It does not transmit your code externally unless you configure a remote LLM backend (e.g. OpenAI). In that case, standard API data handling policies of the respective provider apply.

There aren’t any published security advisories