Security policy and responsible disclosure for this repository.

If you discover a security vulnerability, please open an issue or contact the maintainer privately. Do not publish sensitive details publicly until a fix or mitigation is available.

See also: docs/SUPPLY-CHAIN-SECURITY.md for supply-chain specific guidance.