If you believe you have found a security issue, please do not open a public issue with full exploit details.

Instead:

1. send a private report to the project maintainer contact used for publication
2. include the affected file or patch area
3. include reproduction steps and impact

This repository is primarily a research and systems-integration project. Reports are most useful when they involve:

• unsafe memory handling in the portable core
• unsafe patch behavior in runtime integrations
• credential or secret exposure in scripts or docs

• acknowledgement when the report is received
• a triage decision on whether the issue is in scope
• a fix or mitigation plan when the issue is confirmed