This repository contains methodology, schemas, and workflow automation. Report issues involving

• Signature/attestation verification
• Supply-chain integrity of workflow steps
• Schema validation bypasses
• Sensitive data exposure in logs

Email swright@waveframelabs.org with subject [AWO Security] and include steps to reproduce. We aim to acknowledge within 3 business days.

• Post exploitation steps or PoC in public issues before acknowledgment.
• Include secrets, tokens, or private keys in reports.

After a fix or mitigation is merged, we’ll credit reporters (opt-in) in the release notes.