If you discover a security vulnerability in any ValescoAgency repository, please report it privately rather than opening a public issue.

Email jason@valescoagency.com with:

• Repository name and the affected branch / commit
• Steps to reproduce
• Impact assessment (what an attacker could do)
• Any suggested mitigation, if you have one

You will get an acknowledgement within 48 hours.

Coordinated disclosure. Please give us a reasonable window to investigate and ship a fix before publishing details. We will credit reporters in the patch notes unless you ask us not to.