Please do not open a public issue for potential security problems.
Instead, report the issue privately to the maintainer through GitHub: https://github.com/petesmithofficial
Include enough detail to reproduce the issue, the affected version or commit, and any suggested mitigation if you have one.
You can expect an initial response within a reasonable time and coordinated disclosure once the issue has been understood and addressed.