If you discover a security vulnerability in TaskForce, please report it privately by emailing:

taskforce.aiagent@gmail.com

or by opening a private security issue (if you have permission). Please do not open a public issue.

• Affected version(s) of the package
• Steps to reproduce the issue
• Proof-of-concept or exploit code (preferably minimal)
• Your environment (OS, Node.js version, etc.)

1. We will acknowledge receipt within 48 hours.
2. We aim to have a fix or mitigation published within 14 days.
3. Once fixed, we will disclose publicly (and credit you if you’d like).