Report suspected vulnerabilities through GitHub Security Advisories for this repository or by contacting security@sylphx.ai.
Do not open public issues for vulnerabilities, package publish credentials, private consumer state models, unreleased benchmark data, or supply-chain concerns. If a secret or package-publish credential is exposed, rotate it first, then document recovery evidence in the owning runbook or incident record.