If you discover a security vulnerability in clickup-cli, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, email security@blockful.io with:

1. Description of the vulnerability
2. Steps to reproduce
3. Potential impact
4. Suggested fix (if any)

• Acknowledgment: Within 2 business days
• Initial assessment: Within 5 business days
• Fix and disclosure: Coordinated with reporter

This policy applies to the clickup-cli codebase. For vulnerabilities in the ClickUp API itself, please report to ClickUp's security team.