This repository is currently maintained on the latest default branch only.

Please do not open public issues for security vulnerabilities.

Instead:

1. Share a private report with the maintainers.
2. Include reproduction steps, impact, and any suggested mitigation.
3. Allow reasonable time for triage before public disclosure.

• Never commit real API keys.
• Rotate any credentials that were accidentally exposed in logs, screenshots, or issues.
• Treat prompts, fixtures, and sample reports as public once committed.