If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue.
2. Email the maintainer or use GitHub Security Advisories to report privately.
3. Include a description of the vulnerability, steps to reproduce, and potential impact.

We will acknowledge receipt within 48 hours and aim to release a fix within 7 days for critical issues.