skiplevel runs entirely locally and makes no network calls. The generated report is a single static HTML file with no external requests. Roast mode is opt-in and only invokes your own claude CLI as a subprocess.

If you believe you have found a security issue (for example: the report leaking transcript content it should not, the sensitive-file detector missing a class of credentials, or anything that causes data to leave the machine), please report it privately via GitHub Security Advisories rather than a public issue.

You can expect an initial response within a week.