Please open a private security advisory on GitHub or email the maintainers listed in MAINTAINERS.

Do not open public issues for undisclosed security problems.

This template processes local LaTeX source. Risks are primarily:

• Untrusted LaTeX input (\write18, shell-escape) — disabled by default except just web which requires -shell-escape for lwarp.
• Third-party Docker base image supply chain — pin tags in production forks.