If you discover a security vulnerability, please report it responsibly:

1. Do NOT open a public issue
2. Send an email to the project maintainers
3. Include a description of the vulnerability and steps to reproduce

We will respond within 48 hours and work on a fix.