This repository is a small sample project and may evolve quickly. Security fixes are handled on a best-effort basis.

Do not report secrets or sensitive data in a public GitHub issue.

If you discover any of the following, report it privately to the maintainer:

• committed credentials or tokens;
• sample data that should not be public;
• request or response logs containing sensitive material;
• a vulnerability that could expose local files or secrets.

Include:

• what you found;
• affected files or code paths;
• reproduction steps, if applicable;
• impact and suggested remediation, if known.

Before opening a public pull request, verify that:

• no real API keys are present;
• no machine-specific paths were committed;
• no private experiment history was added under experiments/anima/;
• generated files remain within the intended public sample.