Security: LanNguyenSi/project-forge

SECURITY.md

Security Policy

Supported Versions

Active development is on main. The hosted instance at project-forge.opentriologue.ai tracks main.

project-forge generates project scaffolds and pushes to GitHub on behalf of users. Vulnerabilities (auth bypass, GitHub-token leak, scaffold-injection, push-target manipulation) are treated as serious.

Reporting a Vulnerability

Please do not open a public GitHub issue for security reports.

Email contact@lan-nguyen-si.de with:

  • Affected surface
  • Reproduction steps or proof-of-concept
  • Impact assessment

You will get an acknowledgement within 72 hours and an initial assessment within 7 days. The fix timeline depends on severity and complexity and is communicated in the assessment.

There aren't any published security advisories