Do not report secrets by opening a public issue.
This repo must not contain API keys, tokens, registry credentials, signed URLs, private provider IDs, unpublished biological sequences, private structures, raw reads, or controlled datasets.
Use GitHub private vulnerability reporting for the published repository when available. If that is unavailable, contact the maintainer through a private channel instead of posting details publicly.
When reporting, do not paste secret values. Describe the file path, the commit or snapshot, and the class of issue so maintainers can rotate or revoke the secret and scrub it safely.
If you find sensitive material in a local checkout, remove it from the working tree immediately and treat the checkout as non-public until history and artifacts have been reviewed.