If you discover a security issue, please do not open a public GitHub issue with exploit details.

Instead:

• report it privately to the maintainer
• include reproduction steps, impact, and any suggested mitigation
• note whether the issue affects the public site, hosted product shell, or Vercel functions

Please include enough detail to reproduce the issue quickly and safely.

We’ll aim to acknowledge serious reports promptly and fix verified issues as fast as practical.