Please do not open a public issue for suspected security vulnerabilities.

Instead:

1. Use GitHub security reporting features for the repository if they are enabled.
2. If private reporting is unavailable, contact the maintainer directly before public disclosure.

When reporting, please include:

• a clear description of the issue
• affected files or surfaces
• reproduction steps
• potential impact
• any suggested mitigation

We aim to acknowledge reports quickly and coordinate a fix before public disclosure when possible.