Please do not open a public issue for security problems.
Report vulnerabilities privately through GitHub's private vulnerability reporting: open the Security tab of this repository and click Report a vulnerability.
If private vulnerability reporting is not enabled or you prefer email, contact algorithmictradingsolutions@gmail.com instead. Please put "SECURITY" in the subject line and avoid posting any details in public issues or discussions.
We aim to acknowledge reports within a few business days and will keep you updated as we investigate.
This project ships Markdown instructions and shell/PowerShell installers. The most relevant risks are:
- The install.sh/install.ps1 scripts, which write to ~/.commandcode/.
- The curl … | sh and iwr … | iex one-liners documented in the README.
If you find a way these could be abused (for example path traversal or unexpected file writes), please report it.
RTK itself is a separate project — report issues with the rtk binary at
rtk-ai/rtk.
This is a small integration; only the latest main is supported. Please test
against current main before reporting.