Plugin Portability runs locally as a plugin within your AI coding assistant. It does not operate remote services or store data externally.
However, skill content could be injected if a malicious source repository is used as input. The uplift and assessment skills read arbitrary plugin repositories — a crafted repository could contain skill files with prompt injection attempts.
If you discover a security vulnerability, please report it responsibly:
Email: nathaniel.ramm@discretedatascience.com
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
Response commitment: We will acknowledge your report within 7 days and work with you to understand and address the issue.
We accept vulnerability reports in English.