Please do not open public issues for leaked keys, OAuth tokens, private cache databases, private reports, or any bug that exposes private data.
Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled, contact the repository owner and include:
- a short description of the issue;
- steps to reproduce it;
- whether API keys, OAuth tokens, cache contents, generated reports, or user data are affected;
- suggested remediation, if known.
Unless a repository says otherwise, security fixes target the default branch. Pre-1.0 projects may not maintain old release branches.
Do not commit .env files, API keys, OAuth token files, cache databases, private reports, or outputs that contain private customer, channel, wallet, or creator research. Use synthetic fixtures for examples and tests.