Report vulnerabilities privately through GitHub private vulnerability reporting or by contacting the maintainer. Do not open public issues for suspected vulnerabilities. Remove secrets from logs before sharing.

Never commit API keys, .env files, local databases, user uploads, generated media, or provider credentials. Use placeholder examples only.