Please do not open public GitHub issues for security vulnerabilities.
Instead, report vulnerabilities privately to the maintainers through the repository security contact, once it is configured. Include:
- A description of the issue
- Steps to reproduce
- Potential impact
- Any suggested mitigation
Please pay extra attention to:
- API keys and secret handling
- Auth and token flows
- Third-party webhook validation
- Data written to local runtime files
We aim to acknowledge reports promptly and coordinate a fix before public disclosure.