If you discover a security vulnerability, please report it responsibly:

1. Do not open a public issue
2. Use GitHub's private vulnerability reporting
3. Include a description of the vulnerability, steps to reproduce, and potential impact

You should receive an initial response within 72 hours. We'll work with you to understand the issue and coordinate a fix before any public disclosure.