If you discover a security vulnerability, please report it responsibly:

1. Do NOT open a public issue
2. Send details to the project maintainers via private channel
3. Include: affected component, steps to reproduce, potential impact

We will acknowledge receipt within 48 hours and provide a timeline for a fix.