Security: junjapp/oss-maintainer-workflows

SECURITY.md

Security Policy

Reporting a vulnerability

Please do not file public issues for undisclosed vulnerabilities.

Use one of the following approaches instead:

  • contact the active maintainer directly for this repository
  • open a private security advisory if your platform supports it
  • provide reproduction details, impact, and suggested mitigation

Replace before you reuse this scaffold

  • Replace the contact path before you reuse this scaffold in another repository.
  • Do not keep another maintainer's direct contact wording in a copied repository.
  • Make the reporting path specific enough that a first-time visitor can tell what is active and what has already been replaced.

Scope

This repository is a maintainer workflow scaffold. Security reports are most useful when they describe:

  • workflow trust boundaries
  • unsafe defaults in repository automation
  • permissions that are broader than necessary
  • disclosure risks in templates, documentation, or review flows

Response goals

  • acknowledge receipt quickly
  • assess severity and reproduction steps
  • publish a fix or mitigation note when ready