Report vulnerabilities via GitHub's private vulnerability reporting. DO NOT open public issues for security vulnerabilities.

We care about: intent data leakage, claim verification integrity, MCP server sandbox bypasses, privilege escalation, memory safety.