Security Policy Reporting a Vulnerability Please report security issues privately to maintainers before public disclosure. Guidelines Do not commit secrets/keys. Use least privilege for automation tokens. Keep dependencies and CI actions updated.