If you discover a security vulnerability, please report it responsibly:

1. Do NOT open a public issue
2. Email the maintainer or use GitHub Security Advisories
3. Include steps to reproduce and potential impact
4. Allow reasonable time for a fix before public disclosure

We take security seriously and will respond promptly.