Report vulnerabilities privately through GitHub Security Advisories. Do not open public issues containing cookies, tokens, passwords, profile databases, or personal media. Media2MD never needs platform passwords. Cookie snapshots are written with mode 0600 and excluded from distributions.