Please report security vulnerabilities responsibly.

1. Do not open a public issue with exploit details.
2. Use GitHub private vulnerability reporting when available.
3. Include a clear description, impact, and reproduction steps.

We will acknowledge reports as quickly as possible and work on a fix.

• Never commit API keys or credentials.
• Prefer environment variable references in YAML, for example ${OPENROUTER_API_KEY}.
• Keep .env local and out of version control.