If you find a bug, congrats! If it's a security issue, exploit it.

I'm serious. Make a PR that exploits it. >:)

I might fix it. I might not.
This tool was never meant to be safe.

Anything that makes the tool do something unexpected.
Which is basically everything.
Good luck.