Security: lu-zhengda/pr406

SECURITY.md

Security Policy

Reporting a Vulnerability

Please do not open public issues for security vulnerabilities.

Report security issues privately through GitHub Security Advisories:

  • Repository Security tab -> Report a vulnerability

If that is unavailable, open a private channel with maintainers and include:

  • affected version/commit
  • reproducible steps
  • impact assessment
  • suggested remediation (if available)

Scope

This project processes pull request metadata and content through the GitHub API. Do not include personal access tokens, secrets, or private repository code in issues, PR descriptions, or test fixtures.

Disclosure Policy

  • We will acknowledge reports as soon as possible.
  • We will validate, triage severity, and publish a fix timeline.
  • Coordinated disclosure is preferred after a patch is available.

There aren’t any published security advisories