If you discover a security issue, please do not open a public GitHub issue with exploit details.

Report it privately to the maintainer first and include:

• affected version or commit
• reproduction steps
• impact assessment
• any suggested mitigation

For this MVP stage, security fixes will be handled on a best-effort basis.