This repository is a template for planning and documentation workflows. It does not ship application code by default.
If you find a security issue in a repository created from this template:
- Do not publish sensitive details in a public issue.
- Contact the repository owner using the private channel defined by that project.
- Include clear reproduction steps, impact, and affected files or workflows.
For repositories created from this template:
- Define a private reporting channel before the project is public.
- Avoid committing secrets, credentials, tokens, or private customer data.
- Review GitHub Actions before enabling third-party workflows.
- Keep dependency and automation permissions as narrow as practical.
- Document security-sensitive decisions in issues or pull requests.