Security: empathyethicist/trace

SECURITY.md

Security Policy

TRACE processes potentially sensitive conversational evidence. Security issues that could affect evidence confidentiality, integrity, provenance, or auditability should be treated as high priority.

Report a vulnerability

Please report security issues privately to the maintainer before public disclosure.

Until a dedicated security contact channel is published, open a private GitHub security advisory if that option is available for the repository, or contact the maintainer directly through the repository owner's account.

Priority categories

Issues are particularly important if they affect:

  • chain-of-custody records
  • evidence-package integrity or hashing
  • audit-log tampering or omission
  • unintended transcript disclosure
  • provider credential leakage
  • incorrect or silent mutation of classified outputs

Disclosure guidance

  • Do not publish proof-of-concept details that expose live evidence or credentials.
  • Allow time for remediation and validation before public disclosure.
