If you discover a vulnerability in SkillScan, do not open a public issue with exploit details.

Report privately to your security contact channel first.

When testing suspicious artifacts, use isolated systems and do not execute untrusted code.