If you discover a security issue, please do not open a public issue.

Instead, report it privately to the maintainer via GitHub security advisory or direct maintainer contact. Include:

• Description of the issue
• Affected files and versions
• Reproduction steps or proof of concept
• Potential impact

• Initial acknowledgment: within 7 days
• Triage and severity assessment: within 14 days
• Remediation timeline: depends on severity and complexity

This project is a benchmarking suite and does not provide hosted services. Security concerns most commonly involve dependency issues, unsafe file handling, or command execution assumptions in user-provided scripts.