This repository is a curated list, not an application or package. Most security risks here are content risks (for example: malicious links, typo-squatted domains, deceptive redirects, or unsafe contribution patterns).

This policy applies to:

• README.md entries and outbound links
• Contribution workflows, issue templates, and automation in .github/
• Any change that could mislead contributors or direct users to unsafe resources

Please avoid posting sensitive details in public issues.

Preferred path:

1. Open a private vulnerability report through the repository Security tab (GitHub private reporting).
2. Include the affected entry/workflow, impact, and reproduction details.

Fallback path (if private reporting is unavailable):

1. Open a public issue with minimal details.
2. Clearly mark it as a security concern.
3. Do not include exploit instructions or sensitive data.

• Initial triage target: within 7 days
• Status updates: at least every 7 days while the report is active
• Fix timing: depends on severity and maintainer availability

Please allow maintainers time to investigate and remediate before full public disclosure.