Do not open a public GitHub issue for security vulnerabilities.

Report security issues privately through GitHub Security Advisories for this repository when the repo is public, or contact the maintainer directly before that point.

Include:

• a clear description of the issue and impact
• affected commands, platforms, or files
• reproduction steps or a proof of concept when safe
• any mitigation you already tested

Security fixes are provided for:

• the latest main branch state before the initial open-source release
• the latest tagged release after public release begins

Older local snapshots and experimental branches are not supported for security fixes.