Report vulnerabilities privately to security@minebench.dev.

Do not publish:

• .env.local
• service-role keys
• personal access tokens
• deployment secrets