Fluent is pre-alpha software. Security reports are welcome, especially around desktop automation, AI provider keys, local storage, screenshots, and permission handling.
Please do not open a public GitHub issue for a vulnerability.
Instead, contact the maintainers privately using the security contact listed in the repository profile. If no private contact is listed yet, open a minimal public issue asking for a private security contact without sharing technical details.
Include:
- A short description of the issue.
- Steps to reproduce.
- Affected platform and version, if known.
- Potential impact.
- Any suggested mitigation.

Areas of particular interest:
- Exposure of AI API keys or tokens.
- Unintended desktop automation.
- Screenshots or app context sent to external providers unexpectedly.
- Bypassing confirmation or stop controls.
- Insecure local storage of sensitive data.
- Dependency or packaging vulnerabilities.
Fluent does not have a supported stable release yet. Security fixes will target the active development branch until versioned releases exist.
Fluent should not be used as emergency, medical, or safety-critical infrastructure. It is an experimental accessibility tool under active development.