Do not commit ~/.peezy/config.json, API keys, access tokens, or local .env files. Peezy CLI masks saved keys in peezy config show, but the config file itself contains the usable credential after peezy login.

Report security issues privately to the project maintainers. Do not open a public issue for suspected credential exposure or vulnerabilities.