byteflow.tools is a privacy-first, browser-local developer tools project. Most tool payloads should stay in the user's browser and must not be included in public reports.
Report suspected vulnerabilities privately through GitHub Security Advisories:
https://github.com/baixiangcpp/byteflow.tools/security/advisories/new
Do not open a public issue for exploitable behavior, data exposure, bypasses, or reports that require private reproduction details. Do not include production secrets, API keys, JWTs, certificates, private keys, customer data, logs, HAR files, uploaded files, screenshots with private data, or full request/response bodies.
For non-security bugs and feature requests, use GitHub Issues.
Security fixes target the hosted site and the current main branch.