If you discover a potential security issue in this project, please report it privately using GitHub’s security advisory workflow:

👉 Create a private advisory

Do not open public issues for suspected vulnerabilities.

This policy applies to all code, documentation, and workflows in this repository.

Reports should include:

• A clear description of the issue
• Steps to reproduce (if applicable)
• Impact assessment or threat model
• Suggested remediation (optional)

Maintainers will review submissions and may respond with clarification, mitigation steps, or timeline estimates. No SLA is implied.

Responsible disclosure is encouraged. Public disclosure should only occur after resolution or mutual agreement.