Please do not open public issues for security vulnerabilities.

Use GitHub Security Advisories (private reporting) if available for this repository. If private reporting is unavailable, contact the maintainer directly via GitHub and include:

1. Affected component and version/commit.
2. Reproduction steps.
3. Impact assessment.
4. Suggested mitigation if known.

We will acknowledge valid reports as soon as possible and coordinate a fix/release window before public disclosure.