If you find a security issue, please avoid opening a public issue with exploit details.

Instead, report it privately to the maintainer first.

When reporting, include:

• affected version or commit
• reproduction steps
• impact assessment
• suggested mitigation if available

We will try to confirm, assess, and respond as quickly as possible.