If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue
2. Email rushil@rushilkaul.com with details
3. Include steps to reproduce if possible
4. Allow reasonable time for a fix before public disclosure

• Acknowledgment: Within 48 hours
• Assessment: Within 1 week
• Fix: Depends on severity, typically within 2 weeks for critical issues