Do not disclose vulnerabilities, secrets, API keys, private data, or exploit details in public issues.
For security-sensitive reports, use GitHub private vulnerability reporting when the target repository exposes it. If private reporting is unavailable, open a minimal public issue that asks for a private contact path and omit exploit details.
Active public repositories under shfqrkhn are maintained on their default branch. Retired or deleted repositories are out of normal support; use the current active repository or portfolio link when reporting issues.
- Include the affected repository, page, browser/runtime, and reproduction outline.
- Describe impact without publishing working exploit code.
- Allow reasonable time for triage before public disclosure.