Do not place real credentials, private repository content, or production secrets in benchmark cases. Use unmistakably synthetic placeholders.
Report vulnerabilities privately to the repository maintainer. See GOVERNANCE.md for the disclosure process and expected response timeline. Do not file a public issue.
Only the latest tagged release receives security patches.
The main branch may contain unreleased changes and is not supported
for production use.