If you discover a vulnerability in Cleo’s runtime (prompt injection, bypass, etc.), document it clearly and publish responsibly.

• Runtime code in this repo
• Prompt/policy bypasses that can lead to value transfer
• Secret extraction attempts

• Attacks requiring physical access to the host machine
• Compromising X/Twitter itself
• General phishing not specific to Cleo's runtime

• Never reveal keys / secrets
• Never sign or approve transactions automatically
• Never follow arbitrary links