If you discover a security vulnerability in any ProwlrBot repository, please report it responsibly.

1. Do not open a public issue for security vulnerabilities
2. Open a GitHub issue with the security label on the main repo
3. Include: description, reproduction steps, severity estimate (CVSS if possible)

• Acknowledgment: Within 48 hours
• Triage: Within 72 hours
• Critical patches: Within 7 days
• Non-critical patches: Next release cycle

This policy covers all repositories in the ProwlrBot organization.

For the full security model (trust boundaries, threat model, sandboxing), see the main repo's SECURITY.md.