Please report suspected vulnerabilities privately through GitHub's private vulnerability reporting (Security → Report a vulnerability on this repository). Do not open a public issue for anything you believe is exploitable.
What to expect:
- Acknowledgement within 3 business days.
- An assessment and remediation plan within 14 days for confirmed reports.
- Credit in the release notes when a fix ships, if you want it.
Please include reproduction steps, the affected surface (engine, console, site, or desktop app), and the version or commit you tested.
ContextCake is pre-1.0. Security fixes land on main and ship in the next
release; only the latest release is supported.
- The manifest is a trust boundary by design. A layer with
"source": "mcp"spawns thecommanddeclared in the manifest, with the caller's privileges. Running a manifest you did not author is equivalent to running a program you did not author. Reports that reduce to "a hostile manifest can run commands" describe documented behavior, not a vulnerability — see the trust-boundary documentation on the product site. - The engine is dependency-free on purpose. The core (
packages/core/) uses Node.js built-ins only; there is nonpm installstep and no lifecycle scripts. Supply-chain reports against the engine should target the release artifacts themselves. - The web console demo and product site are static deployments; reports about
them are still welcome (XSS in rendered content, CSP gaps, dependency CVEs in
apps/console/orapps/site/).