We take security seriously. Please do not file a public GitHub issue for security vulnerabilities. Instead, report them through Meta's Bug Bounty Program so they can be triaged and addressed promptly:
When reporting, please include:
- A clear description of the vulnerability and its potential impact.
- Steps to reproduce the issue.
- Any proof-of-concept code, screenshots, or logs.
- The affected plugin, skill, version, and commit if known.
Meta will acknowledge your report and work with you to verify and resolve the issue. We greatly appreciate the security research community's efforts to keep our users safe.
Only the latest release of each plugin is actively maintained. Please update to the latest version before reporting a security issue.