If you find a security issue in Obsypi, please do not open a public issue first.

Instead:

1. Email the maintainer or use a private disclosure channel if one is available.
2. Include a clear description of the issue, affected versions, reproduction details, and potential impact.
3. Allow time for the issue to be reproduced and patched before public disclosure.

Because Obsypi is an Obsidian plugin with vault mutation capabilities, reports involving data loss, unintended file access, credential exposure, or path-guard bypasses are especially important.