# Security Policy

## Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have found a vulnerability in this repository:

- use GitHub private vulnerability reporting if it is enabled for the repo
- otherwise contact the maintainers privately through GitHub before public disclosure

Please include:

- a clear description of the issue
- affected versions, commits, or files if known
- reproduction steps or a proof of concept when safe to share
- any suggested mitigations or impact details

We will review reports as quickly as possible and coordinate on disclosure once
the issue is understood and a fix path is clear.