Security: floomhq/floom

Security

Floom Version 1 is intentionally narrow: terminal publish, link share, local add, sync, watch polling, and lightweight MCP sync. Please report security issues privately so they can be reviewed before public disclosure.

Responsible Disclosure

Use GitHub's private vulnerability reporting for this repository. Include the affected package or endpoint, reproduction steps, impact, and any relevant logs or request IDs. Do not include secrets, tokens, private keys, or credentials in public GitHub issues, discussions, pull requests, screenshots, or shared links.

Public Issues

Use public issues for non-sensitive bugs and feature requests only. If a report contains secret material or explains an exploitable path, use private vulnerability reporting.

Public Skill Content

Before publishing or submitting a skill, remove secrets, credentials, customer data, internal strategy notes, private workplans, and machine-specific paths. Floom links can make Markdown skill content readable by anyone with access to the link.