Please do not open public issues for suspected security vulnerabilities.

Report privately to: security@bittrees.org

Include:

• Affected file(s) or feature(s)
• Reproduction steps
• Impact assessment
• Any proof-of-concept details

• Initial acknowledgement target: within 72 hours
• Triage/update target: within 7 days

This policy covers repository code, automation scripts, and generated site artifacts in this project.