Hello maintainers,
I found a potential CI/CD security issue in this repository during local static analysis and local isolated tool-behavior validation. I do not want to disclose technical details in a public issue.
Could you please point me to a private security contact, GitHub private vulnerability reporting channel, email address, or preferred private channel where I can share the report?
For safety: I have not opened a proof-of-concept PR, have not triggered your workflows, and have not attempted to access tokens, secrets, or write repository data.
Thank you.
Hello maintainers,
I found a potential CI/CD security issue in this repository during local static analysis and local isolated tool-behavior validation. I do not want to disclose technical details in a public issue.
Could you please point me to a private security contact, GitHub private vulnerability reporting channel, email address, or preferred private channel where I can share the report?
For safety: I have not opened a proof-of-concept PR, have not triggered your workflows, and have not attempted to access tokens, secrets, or write repository data.
Thank you.