Goal
Add a SECURITY.md describing how to report vulnerabilities responsibly.
Scope
Create SECURITY.md at repo root:
- How to report a vulnerability privately.
- Reinforce that credentials live only in a local
tests/.env (never committed).
Acceptance criteria
Goal
Add a
SECURITY.mddescribing how to report vulnerabilities responsibly.Scope
Create
SECURITY.mdat repo root:tests/.env(never committed).Acceptance criteria
SECURITY.mdexists at repo root