Do not open a public issue for security vulnerabilities. Open a GitHub Issue with the prefix [SECURITY].

Include: description, steps to reproduce, potential impact. Response within 72 hours.

• Prompt injection via README or issue content fed into the skill
• Unintended data exposure from repo contents
• Safety bypass through crafted trigger phrases