If you discover a security vulnerability, please send an email to the maintainer. Do not open a public issue.

• This Action requires GITHUB_TOKEN with read access to pull requests
• The Action only reads PR data and does not modify any repository content
• All API calls are made over HTTPS
• No sensitive data is logged or stored