If you discover a security vulnerability, please report it responsibly:

1. Do not open a public issue
2. Email the maintainer directly or use GitHub's private vulnerability reporting
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

You can expect:

• Acknowledgment within 48 hours
• Status update within 7 days
• Credit in the security advisory (if desired)

Thank you for helping keep this project secure.