If you discover a security issue, please open a confidential report by creating a new GitHub Issue and clearly marking it as a security concern. Do not include sensitive details in public pull requests.

This is a learning repository. Security fixes are best-effort.

• Do not commit secrets or tokens
• Keep dependencies updated
• Run cargo audit regularly (enabled in CI)