Please report vulnerabilities privately to the repository owner.
GitHub Watch does not store GitHub tokens. It uses the local gh CLI and whatever credentials gh already manages.
The local inventory cache can include private repository names, issue and pull request titles, URLs, labels, comment counts, and review/check state. Treat ~/.cache/github-watch/inventory.json as private local data.
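
One way to check that the cache is readable only by your own account, as an added example that is not part of GitHub Watch. The function names and the reading of "private" as "no group or other access" are assumptions; the path is the one given above.

```shell
#!/bin/sh
# Added example: audit (and optionally tighten) permissions on the
# GitHub Watch inventory cache. Function names are hypothetical.
# Assumption: "private" means no group/other access (dir 0700, file 0600).

# Print the group/other permission bits of a path, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Return 0 if the path grants nothing to group/other and is not a symlink,
# 1 if it is a symlink or has group/other bits set, 2 if it does not exist.
is_private() {
    [ -e "$1" ] || return 2
    [ -L "$1" ] && return 1
    [ "$(group_other_bits "$1")" = "------" ]
}

# Check the cache directory and inventory.json inside it.
# $1: cache directory (default ~/.cache/github-watch)
# $2: "fix" to remove group/other access, anything else only reports.
# Returns 0 when everything present is private, 1 otherwise.
audit_cache() {
    cache_dir=${1:-"$HOME/.cache/github-watch"}
    mode=${2:-check}
    rc=0
    for p in "$cache_dir" "$cache_dir/inventory.json"; do
        [ -e "$p" ] || continue          # nothing cached yet
        if is_private "$p"; then
            echo "ok:    $p"
        elif [ "$mode" = fix ] && [ ! -L "$p" ]; then
            chmod go-rwx "$p" && echo "fixed: $p" || rc=1
        else
            # Symlinks are reported, never chmod'ed through.
            echo "loose: $p ($(ls -ld -- "$p" | cut -c1-10))"
            rc=1
        fi
    done
    return $rc
}
```

Call `audit_cache` to report, or `audit_cache "$HOME/.cache/github-watch" fix` to remove group and other access.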