Please do not report vulnerabilities in public issues.

Use GitHub Security Advisories for private disclosure:

https://github.com/JacobFV/yt2ctx/security/advisories/new

Include:

• a description of the issue
• reproduction steps or proof of concept
• affected surfaces, such as web app, API, CLI, or MCP server
• any known impact or mitigation

Do not include API keys, private video URLs, or secrets in reports.