Report vulnerabilities privately to maintainers before public disclosure.
Security issues include:
- secret/token leakage
- privilege escalation in adapter code
- insecure defaults in chart rendering/data handling
- Acknowledge report within 72 hours.
- Provide remediation plan and timeline.
- Publish advisory after patch is available.