Security: surulere15/skinminder

SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of SkinMinder seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via email to [SECURITY EMAIL]. You should receive a response within 48 hours.

What to Include

Please include the following information in your report:

  • Type of vulnerability
  • Full paths of source file(s) related to the vulnerability
  • Location of the affected source code (tag/branch/commit)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue

Preferred Languages

We prefer all communications to be in English.

Security Best Practices

  • Never commit API keys, credentials, or secrets to the repository
  • Use environment variables for all sensitive configuration
  • Keep dependencies up to date
  • Follow the principle of least privilege for database access
  • All user input should be validated and sanitized

There aren't any published security advisories