This repository is a research-oriented simulation project and is not intended to host production secrets or live services. Security issues are still welcome, especially if they affect dependency safety, unsafe file handling, or workflow exposure.
Please do not open a public issue for sensitive security findings.
Instead:
- Use GitHub's private vulnerability reporting if enabled.
- If private reporting is unavailable, contact the maintainer through GitHub before disclosing details publicly.
- A clear description of the issue.
- Steps to reproduce.
- Impact assessment.
- Suggested remediation if available.