Do not disclose security vulnerabilities in public Issues.

Please report privately via:

1. GitHub Security Advisories: On the repo page, click "Security" → "Report a vulnerability"
2. Email: Send to maintainer's public email (if listed in the repo README)

We will acknowledge and respond as soon as possible, and may thank you after a fix (with your consent).

• Do not commit API keys, secrets, or other sensitive data in code or Issues
• .env is in .gitignore; do not commit it