If you discover a security issue, please do not post it publicly first.

Open a private report if possible, or contact the maintainer directly with:

• a short description of the issue
• affected versions or commits
• reproduction details
• impact assessment if known

Reports related to local runtime execution, auth/session handling, approval flows, or filesystem access are especially appreciated.