Open a private security advisory on GitHub or contact the maintainers.

• Unattended agents with broad MCP scopes
• Shared credentials without identity model
• Inbox bypass for destructive tools
• Kill switch never tested

See docs/safety.md and docs/failure-modes.md.