Skip to content

Security: dushaobindoudou/prism

Security

SECURITY.md

Security Policy

Supported Versions

Security reports are accepted for the current main branch.

Reporting a Vulnerability

Please open a private security advisory on GitHub, or contact the maintainers through the security contact listed in the repository profile.

Do not disclose exploitable details publicly until a fix is available.

Sensitive Data Rules

Prism is designed to run local-first, but it can touch sensitive runtime material:

  • LLM API keys
  • OpenCLI profiles
  • Browser sessions/cookies
  • Local SQLite databases
  • Collected social content
  • Generated comments or publishing actions

Never commit or paste these into issues:

  • .env
  • apps/server/config/local.yaml
  • apps/*/data/*
  • logs/*
  • API keys, cookies, bearer tokens, browser profile IDs

Responsible Use

Prism is not investment advice. Users are responsible for complying with platform terms, local laws, data policies, and rate limits for any configured collectors or publishing tools.

There aren't any published security advisories