dotfiles is a personal config repo. A vulnerability typically means malicious config or snippet injection, secrets accidentally committed in *.template files, or bootstrap.sh doing something unexpected on a fresh machine.

Report vulnerabilities through GitHub's private advisory: https://github.com/martinciu/dotfiles/security/advisories/new

Do not file public issues for security reports.