If you find a security issue in this repository, report it privately through the repository security advisory feature when available. If that is not available, open a minimal issue that says a private report is needed, without including sensitive details.

Do not open public issues containing:

• secrets
• tokens
• cookies
• raw authentication headers
• private evidence
• live exploit details
• third-party vulnerability evidence

This repository is not a coordinated disclosure channel for vulnerabilities in other organizations. Do not submit live third-party target evidence here.

If sensitive material is submitted by accident, maintainers will remove it from public view where possible and recommend rotation or responsible reporting when needed.