Report vulnerabilities privately to maintainers before public disclosure.

Security issues include:

• secret/token leakage
• privilege escalation in adapter code
• insecure defaults in chart rendering/data handling

• Acknowledge report within 72 hours.
• Provide remediation plan and timeline.
• Publish advisory after patch is available.