Do not open public issues for suspected security problems.

Report security concerns privately to the maintainers through the repository's private security reporting channel, or the maintainer contact used for this project.

• A clear description of the issue
• Steps to reproduce
• Affected versions or commit ranges
• Any suggested mitigations or patches

Maintainers should acknowledge receipt, assess impact, and coordinate remediation before public disclosure when possible.