Please do not report security issues in public GitHub issues.

Use GitHub private vulnerability reporting for this repository: https://github.com/Hmbown/NemoHermes/security/advisories/new

If that flow is unavailable, contact the repository owner privately: https://github.com/Hmbown

Please include:

• affected version or commit
• steps to reproduce
• impact
• any mitigation ideas you already found

NemoHermes is still an early project, but we will try to:

• acknowledge reports within 3 business days
• provide a status update within 7 business days
• coordinate a fix and disclosure when a report is confirmed

This policy applies to the NemoHermes CLI, discovery and routing logic, packaged releases, and repository configuration that could create a security impact.