If you discover a security issue, please do not file a public issue first.

Use the private disclosure channel configured for the repository once the public GitHub repository is live. Until then, avoid publishing exploit details together with reproduction steps.

agentforecast can read local CSV files and remote CSV URLs. Review any deployment that enables network access or runs on untrusted input.