If you discover a security vulnerability in RoboDev, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email: security@robodev.dev (placeholder)

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgement: within 48 hours
• Initial assessment: within 1 week
• Fix and disclosure: coordinated with reporter

RoboDev follows a defence-in-depth approach. See docs/security.md for the full security model and threat analysis.