Do not publish credentials, private repository URLs, local machine paths, agent session logs, cookies, bearer tokens, or private coordination artifacts.

If a security issue is found, report it through the repository maintainers instead of opening a public issue with exploit details.

Package artifacts must not include temporary audits, private memory files, local configs, or session data.