# Security Policy
Security reports are appreciated.
## Reporting a vulnerability
Please avoid posting full exploit details in a public issue.
If GitHub private vulnerability reporting is enabled for this repository, use that first. Otherwise, contact the maintainer through an existing private channel if you have one and include:
- affected version or commit
- impact
- reproduction steps
- any known workaround
If no private path is available, open an issue with limited detail so the maintainer can coordinate next steps without immediately publishing a weaponized report.
## Scope
Please report issues related to:
- authentication or authorization bypass
- remote access exposure
- key or secret handling
- command execution or privilege boundaries
- data leakage across sessions or nodes