Please do not open a public issue for potential security vulnerabilities.

Instead, report privately via GitHub Security Advisories:

• Go to the repository Security tab
• Use "Report a vulnerability"

If that is unavailable, contact repository maintainers directly.

Please include:

• Affected files/components
• Reproduction details or proof of concept
• Impact assessment
• Suggested remediation (if known)

• Initial acknowledgement: within 3 business days
• Triage/severity assessment: within 7 business days
• Remediation target: based on severity and exploitability

This repository uses pinned action SHAs and deterministic generation flows. Security reports related to workflow supply-chain integrity and secret handling are especially valuable.