# Security Policy

## Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Until a dedicated security inbox is configured, contact the maintainers privately and include:

- A description of the issue
- Reproduction steps or proof of concept
- Potential impact
- Any suggested remediation if you have one

We will acknowledge receipt, assess severity, and coordinate a fix before public disclosure when appropriate.