This repository is maintained on the default branch.
Do not open public issues for sensitive disclosures.
Use one of these private channels instead:
- GitHub private vulnerability reporting, if enabled for the repository
- The contact form linked from the maintainer's public profile or website
When reporting, include:
- A short description of the issue
- Impact and affected files or templates
- Reproduction steps, if applicable
- Any suggested mitigation
Relevant issues include:
- Hardcoded credentials or secret exposure
- Unsafe bootstrap behavior in install scripts
- Misconfigured permissions or risky default settings
- Sensitive data written into rendered files unexpectedly