From d2bf031ceb3090a462ba8ec45fd7a71b18f1f3f5 Mon Sep 17 00:00:00 2001 From: Graham Campbell Date: Fri, 12 Jun 2026 22:13:03 +0100 Subject: [PATCH] Document the security model --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index dd0ac3c..ba13711 100644 --- a/README.md +++ b/README.md @@ -15,4 +15,6 @@ Check out the [osls compose documentation](https://github.com/oss-serverless/osl Compose honors the same proxy, custom certificate authority, and timeout environment variables as osls (`HTTP_PROXY`/`HTTPS_PROXY`, `ca`/`cafile`, and `AWS_CLIENT_TIMEOUT`) for its own AWS requests, such as remote state access. See [Running behind a proxy](https://github.com/oss-serverless/osls/blob/4.x/docs/guides/credentials.md#running-behind-a-proxy). +A Compose project is code: loading a `serverless-compose.js` or `serverless-compose.ts` configuration executes it, and deploying runs the osls CLI in each service directory. Do not run projects from untrusted sources. See the [osls security model](https://github.com/oss-serverless/osls/blob/4.x/docs/guides/security.md) and the [Compose security notes](https://github.com/oss-serverless/osls/blob/4.x/docs/guides/compose.md#security-model). +
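Review bot: the warning in the added README paragraph, "Do not run projects from untrusted sources", is narrower than the sentence before it, which says that merely loading a `serverless-compose.js` or `serverless-compose.ts` configuration executes it. A reader can take "run" to mean deploy only and still open an untrusted project with a command that loads the configuration. Suggest wording along the lines of "Do not load or deploy projects from untrusted sources". The paragraph is also appended directly after the proxy and certificate paragraph with no heading of its own, so it is easy to miss; giving it a short security heading would make it findable from the README outline.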