Report vulnerabilities privately through GitHub Security Advisories when available, or by contacting the maintainer directly. Public issues and pull requests must not include secrets, credentials, private endpoints, auth headers, cookies, tokens, key material, vault contents, or session material.
Kun protects access-recovery posture. Public contributions must preserve redaction, value-free CI, and local-only handling for any live access material.