• Do not commit API keys, access tokens, private endpoints, or local credential files.
• Keep runtime configuration in environment variables or local .env files.
• Review diffs before release to confirm no personal paths, logs, or temporary outputs are included.

If you discover a security issue or leaked credential in this repository, rotate the credential first and then notify the maintainer privately.