Security reporting
Security reporting
If you believe you found a product-security issue, use a direct path and include enough detail to reproduce it safely.
What to report
Report issues that affect the integrity of the extension, CLI, release bundle, license path, or documentation in a way that could materially change trust.
What to include
Describe the affected version, reproduction steps, files or commands involved, and the likely impact. Avoid posting sensitive material in public if a private path is available.
Product boundary
Security reporting should focus on MCP Preflight itself, not on every third-party MCP server or ecosystem issue discussed in the guides.