Security

Report a vulnerability

SECURITY.md

🔐 Security Policy

📬 Reporting a Vulnerability

If you discover a security issue, please report it via:

GitHub Security Advisory (preferred)

Do not open public issues for vulnerabilities.

📌 Scope

In scope:

Security vulnerabilities in the application or extension
Data leaks, auth issues, or unsafe request handling
AI-related issues (prompt injection, misuse, data exposure)

Out of scope:

Theoretical issues without proof
Third-party services

⚠️ Guidelines

Provide clear steps to reproduce
Include proof-of-concept if possible
Do not publicly disclose before a fix

🛡️ Note

This project is intended for ethical and defensive security research only.

There aren’t any published security advisories