reporting
Use the security inbox for sensitive issues
Send vulnerability reports, exposed credential concerns, authentication issues, and private-content exposure reports to the dedicated security inbox.
Security / reporting
Report security issues through the right channel.
Security reports have a dedicated path. Product questions can use the contact form, but sensitive vulnerability details should go directly to the security inbox.
Details
A clear reporting path for sensitive issues.
Security reports should have a clear path and stay separate from general product requests. This page explains what to send and where to send it.
handling
Keep sensitive details out of the contact form
Do not include secrets, tokens, private repository contents, or exploit details in the general contact form. The contact form is for product follow-up only.
detail
Include enough context to triage
Useful reports include the affected page or workflow, expected impact, reproduction notes, and whether any private workspace content may be involved.
boundaries
Security starts with clear boundaries
RepoWiki is designed around private workspaces, visible source details, selected repository scope, and safe rendering for docs.
security contact
Send sensitive reports directly.
General product requests should use the contact form. Security reports should go directly to a dedicated inbox.
dedicated inbox
security@repowiki.devInclude impact, reproduction notes, affected area, and whether any private workspace content may be exposed.