Do not report security issues in public issues, discussions, or pull requests.
Until the dedicated public plugin repository is live, report vulnerabilities through GitHub private vulnerability reporting for debugbundle/debugbundle:
After the plugin repository is published, use its dedicated security reporting flow.
This plugin is pre-production. Security fixes are applied against the latest unreleased code.