# Security Policy

## Supported versions

Security updates are provided for the latest published version of `@tasklight/pi-tasklight`.

## Reporting a vulnerability

Please report security issues privately instead of opening a public issue.

Use GitHub's private vulnerability reporting if it is enabled for this repository. If it is not enabled, contact the maintainer directly through the repository owner profile.

Please include:

- affected version,
- steps to reproduce,
- impact,
- any suggested fix or mitigation.

## Scope

Pi Tasklight is a local Pi extension that invokes the Tasklight CLI. Reports related to local command execution, unexpected file access, or unsafe notification behavior are in scope.

Tasklight CLI issues should be reported to the Tasklight project.
