The application never requires credentials inside source files or spreadsheets. It reads secrets from:
- environment variables, when present; or
- the operating-system keychain through
keyring.
Never paste credentials into an issue, log, workbook, screenshot, or commit. Revoke any credential that was ever committed to version control, even if the commit was later deleted.
Report security issues privately to the repository owner. Include a minimal reproduction and do not publish working exploits before a fix is available.
This project does not attempt to bypass authentication, paywalls, CAPTCHAs, access controls, rate limits, or anti-bot protections. Such bypass features are outside the project scope.