# 🔐 Security Policy

## 📬 Reporting a Vulnerability

If you discover a security issue, please report it via:

- GitHub Security Advisory (preferred)

Do not open public issues for vulnerabilities.

---

## 📌 Scope

In scope:
- Security vulnerabilities in the application or extension
- Data leaks, auth issues, or unsafe request handling
- AI-related issues (prompt injection, misuse, data exposure)

Out of scope:
- Theoretical issues without proof
- Third-party services

---

## ⚠️ Guidelines

- Provide clear steps to reproduce  
- Include proof-of-concept if possible  
- Do not publicly disclose before a fix  

---

## 🛡️ Note

This project is intended for ethical and defensive security research only.