If you discover a security vulnerability:

1. DO NOT open a public issue
2. Use GitHub's private vulnerability reporting or email the maintainer
3. Include: description, steps to reproduce, potential impact, and suggested fix (if any)

We will acknowledge receipt within 48 hours and provide a fix within 14 days.

• Authentication handled by GitHub CLI (gh) - no credentials stored by this script
• All data stored locally only - protect reports containing sensitive organization information
• Requires org owner or billing manager permissions

Disclaimer: Community tool, not an official Microsoft/GitHub product. Users are responsible for securing credentials and protecting generated reports.