Security: max-toscano/LogoMesh

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in LogoMesh, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainers directly or use GitHub's private vulnerability reporting feature on the Security tab of the repository.

We will acknowledge receipt within 48 hours and provide an estimated timeline for a fix.

Scope

This policy covers:

  • The LogoMesh scoring pipeline and sandbox execution
  • The Red Agent adversarial engine
  • Docker sandbox escape or isolation bypass
  • Any code execution vulnerability in DynamicToolBuilder or similar dynamic code paths

Supported Versions

Only the latest version on the master branch is actively maintained.

There aren’t any published security advisories