# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in this plugin, please report it responsibly.

**Do NOT open a public issue for security vulnerabilities.**

Instead, please email the maintainer directly or use GitHub's private vulnerability reporting feature.

## Security Considerations

This plugin:

- Does not store credentials or API keys
- Does not make external network requests (except when using WebFetch for URL processing)
- Does not execute arbitrary code
- Stores all data locally in markdown files

## User Data

- The `config/user-profile.local.md` file contains personal preferences
- This file is gitignored by default to prevent accidental commits
- Review your `.gitignore` before pushing to ensure no personal data is committed

## Dependencies

This plugin has no external dependencies beyond Claude Code itself.