Report security issues privately if disclosure could help an attacker, expose a secret, or describe a vulnerable deployment. If in doubt, report privately first. Use the public issue tracker only for non-sensitive security hardening or documentation issues:

https://github.com/quantumsoftwarelab/plumbing/issues

For private disclosure, use GitHub private vulnerability reporting on the repository if it is enabled. If it is not enabled yet, contact William Waites at the University of Edinburgh Quantum Software Lab without including exploit details in the first message, and move to a private channel before sharing secrets, tokens, or deployment-specific information.

Plumbing runs trusted local code. It is not a sandbox and does not isolate secrets between processes. Some child-process launch paths inherit the parent environment. Do not run untrusted .plumb programs, tools, or MCP servers with credentials in the parent environment.

Provider API keys and MCP tokens should be supplied only to pipelines that need them. Do not commit .env files, local agent-tooling config, provider keys, or workspace tokens.