If you discover a security issue, please avoid posting sensitive details in a public GitHub issue.

When reporting a vulnerability, include:

• a short summary of the issue
• the affected area
• reproduction steps
• impact assessment

Please do not include:

• API keys
• prompt traces containing private briefs or customer data
• local filesystem paths that expose personal machine details
• browser storage exports with private workspace content

Until a dedicated security contact is added, open a private channel with the maintainer rather than a public issue.