If you discover a security issue, please report it privately first.
- Describe the issue clearly
- Include reproducible steps
- Avoid posting secrets or keys in issue comments
Please patch sensitive output handling and token leakage paths before public release.