If you believe you’ve found a security vulnerability, please do not open a public issue.

• Preferred: open a private security advisory (if enabled for this repository)
• Otherwise: contact the maintainer privately with details and reproduction steps

Please include:

• What you found and why it matters
• Steps to reproduce
• Affected versions/commits (if known)