If you find a vulnerability in any plugin, please do not open a public issue.
Instead: email mike@objektarium.de with details. I aim to acknowledge within 72 hours.
- 90-day responsible disclosure target from confirmed acknowledgment.
- Critical issues may be embargoed for less depending on user impact.
- Coordinated disclosure with credit (if you'd like) on resolution.
In scope: code in this marketplace's plugins.
Out of scope: third-party services the plugins integrate with (Replicate, ElevenLabs, etc.) — report to those vendors directly.