Do not open public issues for secrets, vulnerabilities, or sensitive customer data. Contact the maintainers privately through the organization’s established security channel.
- Do not commit API keys, credentials, internal customer records, or private URLs.
- Do not include prompts that instruct models to invent facts or bypass review.
- Keep finance, legal, safety, and compliance-sensitive outputs explicitly reviewable.
- Treat generated
.supraexamples as templates, not as automatic production approvals.