If you discover a vulnerability, please report it responsibly:
- Do not open a public GitHub issue for undisclosed critical bugs.
- Contact the repository maintainers through the channel listed in the org profile (or open a private security advisory if enabled).
Include: affected component (contracts/, apps/web, apps/backend), reproduction steps, and impact assessment.