- Report vulnerabilities privately via GitHub Security Advisories.
- Do not include secrets or credentials in code or documentation.
- OAuth credentials must be supplied via environment variables.
- Patches will be released promptly after validation and testing.