Do not open public issues for suspected credential exposure, report tampering, workflow compromise, or vulnerabilities in the repository examples.

Use GitHub's private vulnerability reporting for the affected repository. If that is unavailable, contact the maintainer through the professional contact listed on the organization profile without including secrets in the first message.

Public test targets contain synthetic data only. Reports and screenshots must be reviewed for credentials, tokens, cookies, and personal data before publication.