UI Style Kit CSS is a CSS-only package. It does not execute client-side JavaScript and does not collect or transmit data.

Report potential vulnerabilities privately via GitHub Security Advisories (Security tab → Report a vulnerability), or through the preferred private contact channel once configured.

In scope:

• Supply-chain/package integrity concerns
• Malicious or unexpected files in published package contents
• Unsafe generated demo code

Out of scope:

• Accessibility bugs that do not create a security issue
• Visual rendering inconsistencies across browsers