# Security and source safety Do not report security vulnerabilities or disclose confidential editorial material through a public issue. Until a dedicated private contact is configured, contact Ana through an existing trusted channel. A security email and optional encrypted contact method must be added to `src/site.config.ts` before public launch. Never place access tokens, private keys, source identities, interview recordings, private correspondence, unpublished legal review, or embargoed documents in this repository.