This tool is early-stage. Security fixes are best-effort.

If you discover a security issue, do not open a public issue. Contact the maintainers privately.

• Treat suites, predictions, and model outputs as untrusted input.
• Run in sandboxed CI where possible when testing untrusted content.