Reporting a vulnerability
Email hello@amargautam.com with steps to reproduce. We acknowledge within 48 hours, agree a disclosure date with you, and ship the fix on a 90-day window. You're credited unless you'd rather not be.
For non-sensitive bugs, use GitHub issues.
What's in scope
Anything in the amargautam/pakka repo and its published plugin. The Claude Code harness itself, the OAuth flow, and the model API are out of scope — report those to Anthropic.
Defenses
As of v0.11.0, semantic rewriter output passes a delta-based injection gate — instruction-shaped additions are rejected and the deterministic fallback takes over.
Contact
Emailhello@amargautam.com
PGP fingerprint8F2E…D194
Response SLA≤ 48h
Disclosure window90 days
Hall of fame/security ↗