OpenDocu treats fetched documentation as untrusted input.

The CLI does not fetch remote content, execute imported docs, or call an LLM. Agents or users fetch official docs separately, then OpenDocu imports local files and builds local indexes.

Security fixes target the latest major version, currently 1.x.

Report security issues privately before public disclosure by opening a GitHub private vulnerability report:

https://github.com/yu2001-s/OpenDocu/security/advisories/new

Do not include exploit details in public issues. If private vulnerability reporting is unavailable, open a public issue asking for a private security contact without including sensitive details.

Primary risks:

• prompt injection embedded in imported documentation
• stale local indexes returning deleted or outdated material
• incorrect source URLs or version metadata
• malicious HTML content in local docs

Mitigations:

• imported content is stored as inert Markdown and indexed as text
• opendocu search refuses stale indexes unless --allow-stale is passed
• imported pages keep source URLs, versions, retrieved timestamps, and content hashes
• skill instructions tell agents to treat docs as reference material, not instructions

Agents should never execute code from docs unless the user explicitly asks and the code has been reviewed in task context.