We take security seriously in Local Deep Research. If you discover a security vulnerability, please follow these steps:

Please DO NOT open a public issue. Instead, report vulnerabilities privately through one of these methods:

1. GitHub Security Advisories (Preferred):

   • Go to the Security tab → Report a vulnerability
   • This creates a private discussion with maintainers

2. Email:

   • Send details to the maintainers listed in CODEOWNERS
   • Use "SECURITY:" prefix in subject line

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• We'll acknowledge receipt within 48 hours
• We'll provide an assessment within 1 week
• We'll work on a fix prioritizing based on severity
• We'll credit you in the fix (unless you prefer anonymity)

This project processes user queries and search results. Key areas:

• No sensitive data in commits - We use strict whitelisting
• API key handling - Always use environment variables
• Search data - Queries are processed locally when possible
• Dependencies - Regularly updated via automated scanning

Thank you for helping keep Local Deep Research secure!