If you find a security issue, please report it privately to the maintainers instead of opening a public issue.

Include:

• affected area/file;
• reproduction steps;
• potential impact;
• optional mitigation suggestion.

This project is a front-end educational application with no server-side secret handling. Still, security best practices apply (dependency hygiene, secure deployment configuration, and careful third-party updates).