If you discover a security vulnerability, please report it responsibly:

1. DO NOT open a public issue
2. Email: security@prime-ai.fr
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 5 business days
• Fix & Disclosure: Within 30 days

• Never commit API keys, tokens, or secrets
• Use environment variables for sensitive configuration
• Keep dependencies updated
• Enable 2FA on your GitHub account

We follow responsible disclosure. Security researchers who report valid vulnerabilities will be credited in the project's security advisories.