Please do not open public GitHub issues for suspected security vulnerabilities.

• Email: junhsssr@gmail.com
• Subject line: browserarena security report
• Include reproduction steps, affected files or endpoints, impact, and any suggested remediation.

If GitHub private vulnerability reporting is enabled for this repository, you may use that instead.

Please report issues such as:

• exposed credentials, tokens, or private keys
• workflow or CI/CD permission problems
• vulnerabilities in the public web/ app or API routes
• benchmark artifacts exposing non-public data unexpectedly
• dependency vulnerabilities with practical impact on this repository

• Initial triage response: within 5 business days
• Status update after triage: within 10 business days
• Fix timing depends on severity, exploitability, and release coordination

We appreciate responsible disclosure and will work to acknowledge and remediate valid reports promptly.