Security: sagityang/single-project-analyzer

SECURITY.md

Security Policy

Reporting

Do not open a public issue for accidental credential exposure or private-report leakage.

Use a private GitHub security advisory when available. Include a minimal public-safe reproduction and avoid sharing secrets, raw private reports, or screenshots with personal data.

Scope Boundary

The analyzer is an instruction workflow. It should not:

  • upload private source code without explicit approval
  • run destructive setup commands
  • share generated reports before a human review
  • expose credentials from local config files or logs
  • bypass repository access controls

Generated reports should be treated as potentially sensitive until reviewed.

There aren't any published security advisories