Please report security vulnerabilities privately to:
Include a short description, affected component (if known), and steps to reproduce. Do not file public issues for undisclosed vulnerabilities.
Not handled via this file. For Harness / rule false positives and related appeals, see docs/governance/appeals-and-public-record.md and the append-only log docs/operations/appeal-log.md.