Use the repository security policy for private vulnerability reporting:
- Policy: https://github.com/Felix-Zuo/HulunGuard/security/policy
- Private advisory form: https://github.com/Felix-Zuo/HulunGuard/security/advisories/new
- Threat model: ../docs/THREAT_MODEL.md
Do not publish private prompts, credentials, customer files, production traces, or vulnerability details in public issues.