# Security Policy

## Supported Versions

Security fixes are applied to the latest version on `main`.

## Reporting a Vulnerability

Please do not open a public issue for undisclosed vulnerabilities.

Instead, report privately by emailing:

- `kieran@every.to`

Include:

- A clear description of the issue
- Reproduction steps or proof of concept
- Impact assessment (what an attacker can do)
- Any suggested mitigation

We will acknowledge receipt as soon as possible and work with you on validation, remediation, and coordinated disclosure timing.

## Scope Notes

This repository primarily contains plugin instructions/configuration plus a conversion/install CLI.

- Plugin instruction content itself does not run as a server process.
- Security/privacy behavior also depends on the host AI tool and any external integrations you explicitly invoke.

For data-handling details, see [PRIVACY.md](PRIVACY.md).