This repository contains a format specification and example packages.
Examples include:
- path traversal ambiguities
- unsafe extraction behavior
- malformed binary handling that could cause silent corruption
- validator / reader disagreement that could create unsafe package handling
If GitHub private security reporting is enabled, please use it for issues that should not be disclosed immediately.
Otherwise report security issues to security@vtubermate.com.
For non-security repository questions, use hello@vtubermate.com or public GitHub Issues as appropriate.
- affected clause(s)
- concrete package layout or sample manifest
- expected behavior
- actual risky behavior
- whether the issue affects writers, readers, validators, or all three