This policy covers:

• repository content
• contribution gates
• workflow and automation logic

If you find a security issue, open a private report to the maintainer before public disclosure.

Preferred channels:

• GitHub security advisory for this repository
• direct email to repository maintainer contact listed on GitHub profile

• affected file paths
• reproduction steps
• risk impact
• suggested mitigation

• acknowledge receipt within 3 business days
• provide initial triage outcome within 7 business days
• coordinate remediation and disclosure timeline

Do not publish exploit details before maintainers confirm a fix or mitigation path.