If you discover a security issue, please report it privately.

• Preferred: open a GitHub Security Advisory for this repository
• Alternative: contact the repository owner via GitHub

Please include:

• A clear description of the issue and its impact
• Steps to reproduce (as minimal as possible)
• Affected files/versions (commit SHA or tag)

Do not publicly disclose vulnerabilities until a fix is available.