# Security Policy ## Scope BatteryMHM is a research library for harmonic-feature modeling. It does not handle credentials, network services, or user data, so its attack surface is small. Still, we take correctness and supply-chain integrity seriously. ## Supported versions The latest released version (`1.0.0`) is supported. ## Reporting a vulnerability If you discover a security issue (for example, a dependency vulnerability, a deserialization risk in user-supplied data, or a way the library could be made to execute untrusted code), please **do not open a public issue**. Instead, report it privately via the Hugging Face model discussion page (mark it as a security concern) or the repository's private advisory channel. Please include: - A description of the issue and its impact - Steps to reproduce - Affected version(s) and environment We aim to acknowledge reports within a few business days and to address confirmed issues promptly. ## Note on model weights This repository distributes **no** trained model weights or pickled objects. If you train your own models, never `pickle.load` weights from an untrusted source — pickle can execute arbitrary code on load.