Do not report security vulnerabilities in public GitHub issues, discussions, or pull requests.

Use this repository's private vulnerability reporting flow if it is enabled. If private vulnerability reporting is unavailable, contact the maintainer privately using the contact details listed on the repository owner's GitHub profile.

Please include the following when possible:

• affected commit, tag, or release
• impact and expected severity
• reproduction steps or a proof of concept
• any suggested remediation or workaround

The maintainer will acknowledge good-faith reports and work toward a fix before public disclosure.