This repository is research code. Security fixes are best-effort on the default branch.

Please open a private security advisory on GitHub if possible. If private reporting is not available, open an issue without disclosing exploit details and request a private follow-up channel.

In scope:

• Credential leakage in scripts/docs
• Unsafe defaults that expose user data

Out of scope:

• Vulnerabilities in third-party dependencies (report upstream first)