Security Policy Never commit secrets, API keys, or private datasets. Report vulnerabilities via a private GitHub security advisory or the maintainer’s contact. Rotate any exposed credentials immediately.