Security fixes are applied to the latest release and main.
Do not publish sensitive machine data, unredacted diagnostic reports, credentials, tokens, private network details, or a working exploit in a public issue.
Use GitHub private vulnerability reporting when available. Otherwise contact the repository owner through the profile contact methods and include only the minimum information needed to reproduce the problem.
For ordinary false positives, compatibility problems, and non-sensitive bugs, use the public issue templates.
Use -PrivacyMode before sharing a combined report and review the generated file manually. Privacy Mode reduces exposure but is not a guarantee that arbitrary application or Event Log text contains no sensitive information.
The toolkit is intended to remain read-only, local, dependency-free, and free of telemetry or upload behavior. A change that violates those boundaries should be treated as a security concern.