Please do not open public issues for suspected vulnerabilities.

Report security concerns through GitHub private vulnerability reporting for this repository, or contact the maintainer directly if private reporting is unavailable.

Include:

• affected version
• input files or config shape needed to reproduce
• expected vs actual risk classification
• any impact on secret handling, publishing, or CI output

The latest released version is supported.