If you find a security issue in Mac Audit Agent, report it privately to the maintainers through the repository security contact path or the project issue tracker if no private channel is available.

Include:

• affected version
• macOS version
• whether the issue is local-only or remotely reachable
• reproduction steps
• logs, screenshots, or redacted evidence as appropriate

• Do not publish sensitive proof-of-concept material that would expose private data
• Do not include real credentials, tokens, or keychain material
• Do not upload logs with unredacted case material unless necessary for the report

• local-only by default
• explicit user consent for risky features
• no stealth
• no hidden persistence
• no retaliation
• no destructive remediation without approval