Disclosure
Report CraftedTrust issues privately.
If you find a security issue in CraftedTrust-owned services, send enough detail to reproduce it safely. Do not test against third-party MCP servers through this policy.
- IncludeAffected URL, impact, steps, safe PoC, timestamps, and any request IDs.
- AvoidCustomer data, destructive actions, persistence, spam, social engineering, or third-party abuse.
- ScopeThis policy covers CraftedTrust-owned public services only.