Do not open a public GitHub issue for suspected security vulnerabilities in this repository.
Report vulnerabilities through your organization's approved private security reporting channel. Include:
- affected file or workflow
- impact summary
- reproduction details
- suggested remediation if known
This applies to:
- GitHub Actions workflows
- Python orchestration scripts
- runner bootstrap assets
- policy and scanning behavior
Changes affecting secrets, authentication, registry access, or policy enforcement should be reviewed carefully before rollout.