Skip to content

Security: Coding-Autopilot-System/gemini-nano

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Do not report vulnerabilities in public issues, pull requests, discussions, or logs.

Use GitHub private vulnerability reporting when available. Otherwise, email OgeonX@gmail.com with:

  • affected repository, branch, version, or commit;
  • impact and realistic attack scenario;
  • minimal reproduction steps or proof of concept;
  • suggested mitigation, if known.

Do not include active credentials, personal data, or unrelated private material.

Scope

Security issues are especially relevant for:

  • browser-extension or local-bridge privilege boundaries;
  • unsafe logging, secret exposure, or token handling;
  • workflow permissions and dependency-chain weaknesses;
  • arbitrary code execution or unsafe local automation behavior.

Safe harbor

Good-faith research that avoids privacy violations, persistence, destructive changes, and service degradation will be treated as authorized within this policy's scope.

There aren't any published security advisories