Please do not report security vulnerabilities via public GitHub issues.
Use GitHub private vulnerability reporting instead. You will receive a response within 7 days.
This project is a CLI scaffolding tool. The main attack surface is:
- Template files copied into user projects — malicious content could affect generated codebases
- Child process execution (`npm install`, `git init`) triggered after scaffolding
- User input handling — project names and target directories
This project is fully generated with AI. No code has been manually reviewed by a security professional. Use at your own risk.