If you discover a security vulnerability, please report it responsibly:

1. Do not open a public issue
2. Email: open a private security advisory
3. Include steps to reproduce and potential impact

We will respond within 48 hours and aim to release a fix within 7 days.