Security Policy Reporting a Vulnerability If you discover a security vulnerability, please open an issue or email the maintainer. We will coordinate a fix and disclosure. Best Practices Never commit secrets or API keys. Use environment variables for sensitive data. Keep dependencies up to date.