TermiFlow is currently in public beta (0.1.x). Security fixes are applied to the latest release only.

Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately via GitHub's Security Advisories or by emailing the maintainer directly (see GitHub profile for contact).

We aim to acknowledge reports within 72 hours and to provide a fix or mitigation timeline within 14 days.

TermiFlow reads Mermaid diagram files from the local filesystem and renders them as text. It does not make network requests, store credentials, or execute arbitrary code from diagram inputs. The primary attack surface is malformed input causing a crash or unexpected output — please report any such cases.