This repository accepts security reports for:

1. Python package runtime and indexing/search surfaces (code/zpe_geo).
2. Repo-local scripts, fixtures, and packaging metadata that affect published behavior (code/scripts, code/fixtures, pyproject.toml).
3. CI and release pipeline configurations.

Please report vulnerabilities privately to the project owner with:

1. A clear impact summary.
2. Reproduction steps or proof-of-concept.
3. Affected versions/commit ranges.
4. Suggested remediation when available.

1. Initial acknowledgement: within 5 business days.
2. Triage and severity classification: within 10 business days.
3. Remediation timeline: shared after triage.

Public disclosure should be coordinated after a fix is available.