If you discover a security issue in gametrackdaily, please report it privately first.
Until a dedicated security inbox is published, do not open a public issue containing:
- secrets
- private workspace paths
- internal operational notes
- unpublished editorial content or manager-only data
The most important security rule in this project is data separation:
- public content output must only come from allowlisted public-safe fields
- internal runtime data must not leak into committed public assets
- third-party content referenced in editorial coverage must respect the source's terms