If you find a security issue in a LabY repository, do not disclose it in a public issue.
For now, report security concerns directly to the repository maintainer or organization owner. Add a dedicated security contact here once the team has a shared mailbox or preferred private channel.
When reporting, include:
- affected repository and commit or release
- reproduction steps
- expected impact
- suggested mitigation, if known