If you discover a security issue, do not open a public issue. Use GitHub's private security advisory flow for the repository.
Please include:
- a short summary
- affected version or commit
- reproduction steps
- impact assessment
- any suggested mitigation
- code execution risks
- unsafe file handling
- credential leakage
- supply-chain concerns
- data exposure in generated reports
Security reports will be handled privately and reviewed as soon as practical.