Please report suspected vulnerabilities privately through GitHub's private vulnerability reporting for this repository.

Do not open a public issue for sensitive security reports. If the report is not sensitive, open an issue with enough detail to reproduce the problem.

Security fixes are accepted for the current main branch. Skills in this repository may ask agents to run local commands, so reports involving unsafe defaults, unexpected mutation, credential exposure, or command injection are in scope.