Compliance Flag is pre-1.0. Security fixes are applied to the active development branch until a stable release policy is published.

Please do not open public issues for suspected vulnerabilities.

Report security concerns to the maintainers using the private contact channel listed for the Quillmark Open Source organization, or by contacting Quillmark LLC through its public website.

Include:

• affected version or commit
• steps to reproduce
• impact
• any suggested mitigation

Compliance Flag is designed for public marketing pages and local files supplied by the user. It should not be used to crawl private networks, authenticated applications, customer portals, or confidential systems without explicit authorization.