Clarify README encoded delimiter safety guidance

cursoragent · shrisukhani · cursoragent · commit 05b86f2eb084 · 2026-02-13T10:07:39.000Z
Co-authored-by: Shri Sukhani &lt;shrisukhani@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -31,7 +31,7 @@ export HYPERBROWSER_HEADERS='{"X-Correlation-Id":"req-123"}' # optional JSON obj
 and not contain query parameters, URL fragments, backslashes, control characters,
 or whitespace/newline characters.
 `base_url` must not include embedded user credentials.
-Unsafe encoded host/path forms (for example encoded traversal segments) are also rejected.
+Unsafe encoded host/path forms (for example encoded traversal segments or encoded host/path delimiters) are also rejected.
 The SDK normalizes trailing slashes automatically.
 If `base_url` already ends with `/api`, the SDK avoids adding a duplicate `/api` prefix.
 If `HYPERBROWSER_BASE_URL` is set, it must be non-empty.
