Only the latest state of main is supported.

Do not open public issues for security vulnerabilities.

1. Use GitHub private vulnerability reporting for this repository when available.
2. If private reporting is unavailable, contact the maintainer through https://github.com/justinthelaw and request a private channel.
3. Include impact, affected runner images, and reproduction steps.

• Initial acknowledgement: within 3 business days.
• Triage and severity assessment: within 7 business days.
• Mitigation timeline: depends on severity.