If you discover a security vulnerability, please report it responsibly:

1. Do NOT open a public GitHub issue
2. Send a private report via GitHub Security Advisories
3. Or contact the maintainer directly

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

When contributing to git-courer:

• Never commit sensitive data (keys, tokens, credentials)
• Use go vet and gosec to scan for vulnerabilities
• Validate all user inputs
• Follow the principle of least privilege

• Secret detection may have false negatives in edge cases
• Preview commit workflow is still being validated