If you discover a security vulnerability in this project, please report it responsibly. Do not open a public issue.

Instead, send an email to info@99x.io with the following information:

• A description of the vulnerability
• Steps to reproduce it
• The potential impact
• Any suggested fix (if you have one)

We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 7 days, depending on severity.

This policy covers the code in this repository, including the AI command system (figma-extractify/), the Next.js boilerplate (boilerplate/), and any shell scripts or configuration files.

Third-party dependencies are managed via npm. If you find a vulnerability in a dependency, please check if it has already been reported upstream before contacting us.

We appreciate responsible disclosure and are happy to credit reporters in the changelog (with your permission).