The latest published minor of @blazity-atlas/core receives security fixes.
Use GitHub private vulnerability reporting: open the repository's Security tab and click "Report a vulnerability". Do not open public issues for vulnerabilities.
The CLI runs locally, makes no network calls at runtime, and writes only
plain files and repo-internal symlinks (.claude/skills, .agents/skills,
.cursor/skills) into the target repository. The highest-impact class of issue is
anything that lets init or doctor --fix write outside the repository root
(path traversal or symlink escape) — report those privately.