For to work, you need to provide's GitHub App with read/write permissions for your repository. Many maintainers are rightfully hesistant to provide such permissions to third parties. We are taking this responsibility very seriously, and have designed with security in mind from the start:

  1. has a well-defined threat model in which GitHub Actions runners are treated as completely untrusted and potentially compromised. The API only enables the workflow to update the current pull request once.
  2. minimizes untrusted input and data processing where possible. For example, instead of using git checkout/apply/push, we have decided to use GitHub's GraphQL API. This makes it much harder to port to other platforms, but means we only need to process a simple JSON data structure instead of applying git commands on untrusted repositories (see e.g. CVE-2021-21300).
  3.'s hosted service is written in a memory-safe language that emphasizes correctness (Rust).
  4.'s main author has extensive practical (building security software, organizing and playing CTF security competitions) and theoretical security experience (CS PhD from a security group).

Reporting a Vulnerability

We ask that you do not report security issues to our normal GitHub issue tracker. If you believe you've identified a security issue with, please report it to

Once you've submitted an issue via email, you should receive an acknowledgment within 48 hours, and depending on the action to be taken, you may receive further follow-up emails.

Bug Bounty

For the responsible disclosure of critical vulnerabilities that could compromise the integrity or confidentiality of our users' GitHub repositories, pays a bug bounty of up to one month of's total revenue.

We will not bind you to any additional terms or have you sign an NDA when you report a vulnerability. However, bounty payments, if any, will be determined by, in's sole discretion. In no event shall be obligated to pay you a bounty for any submission. If you are unhappy with how is handling the disclosure process, you may walk away at any moment and publish your findings (but not any sensitive data you may have had access to) in the public.