Security reports are welcome for:

• repository scripts
• workflow automation
• templates and generated instructions that could cause unsafe behavior

Please do not open public issues for potential vulnerabilities.

Instead:

1. Use GitHub Security Advisories for this repository, or
2. Contact the maintainer directly with details and reproduction steps.

Include:

• affected file(s)
• impact
• reproduction steps
• suggested mitigation (if known)

• Initial acknowledgment target: within 72 hours
• Triage and severity assessment: as soon as practical
• Fix timeline: based on severity and impact