Security Policy Do not open issues with secrets. Report vulnerabilities privately: create a SECURITY advisory or email: [email protected] (placeholder). Rotate any leaked keys immediately; do not commit .env.