See docs/security-policy.md for the full policy.
Summary: Report exploitable vulnerabilities privately (GitHub Security Advisories or maintainer contact). Do not open public issues for security bugs.
shieldkit provides basic guardrails, not a complete security product. See docs/design/limitations.md.
Automated adversarial coverage: docs/testing/SECURITY_ASSURANCE_REPORT.md.