Security fixes are currently applied on the latest default branch (main).

Please do not open a public GitHub issue for suspected security problems.

Instead:

1. Contact the maintainer privately first.
2. Include a short description of the issue.
3. Include reproduction steps, affected inputs, and impact.
4. If relevant, mention whether the issue affects:
   • alphaXiv fetching
   • arXiv fallback
   • URL parsing / normalization
   • packaged skill distribution