diff --git a/docs/README.md b/docs/README.md
index 8bd7de6..9affcd5 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -156,6 +156,12 @@
 
 <h2>FAQ</h2>
 <p>
+  <h3>Is Blue Marble malware?</h3>
+  <p><b>A:</b> Blue Marble does not contain malicious code. The Blue Marble code can be found in the <code>src/</code> folder. If you worry about Blue Marble being malware, you can read the code, then bundle it yourself using the tools in <code>build/</code>.
+
+  <h3>How can Blue Marble place pixels for me?</h3>
+  <p><b>A:</b> Unfortunatly, Blue Marble will not support the automatic placement of pixels without user interaction.
+
   <h3>How do I hide the overlay?</h3>
   <p><b>A:</b> Turn the userscript off and refresh the page.</p>
 
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
new file mode 100644
index 0000000..716f1a7
--- /dev/null
+++ b/docs/SECURITY.md
@@ -0,0 +1,5 @@
+<h1>Reporting A Security Vulnerability</h1>
+<a href="" target="_blank" rel="noopener noreferrer"><img alt="CodeQL" src="https://github.com/SwingTheVine/Wplace-BlueMarble/actions/workflows/github-code-scanning/codeql/badge.svg"></a>
+<p>
+  Since this is a userscript, there will not be many vulnerabilities. The user is in charge of their own security, by choosing which scripts to run. Regardless, if you do find a security vulnerability in Blue Marble, please report it on the GitHub Security Advisory <a href="https://github.com/SwingTheVine/Wplace-BlueMarble/security/advisories/new">"Report a Vulnerability"</a> tab.
+</p>
\ No newline at end of file