If you discover a security vulnerability, please report it responsibly:

1. Do not open a public issue.
2. Use GitHub's private vulnerability reporting to submit a report.
3. Include steps to reproduce and any relevant details.

You should receive an acknowledgment within 48 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.