If you discover a security vulnerability, please report it using GitHub Security Advisories (private vulnerability reporting). Do not disclose vulnerabilities in public issues; if you cannot use Security Advisories, contact the maintainers privately and request the issue be handled as a security report.

Do not commit secrets or sensitive credentials to the repository. Use GitHub Actions secrets, environment variables, OIDC, or an external secret manager for sensitive values.