If you discover a security vulnerability, please report it by:

1. Do NOT open a public issue
2. Email the maintainer directly or use GitHub's private vulnerability reporting feature
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

We will respond within 48 hours and work to address the issue promptly.