Security reports are accepted for the current main branch.
Please open a private security advisory on GitHub, or contact the maintainers through the security contact listed in the repository profile.
Do not disclose exploitable details publicly until a fix is available.
Prism is designed to run local-first, but it can touch sensitive runtime material:
- LLM API keys
- OpenCLI profiles
- Browser sessions/cookies
- Local SQLite databases
- Collected social content
- Generated comments or publishing actions
Never commit or paste these into issues:
.envapps/server/config/local.yamlapps/*/data/*logs/*- API keys, cookies, bearer tokens, browser profile IDs
Prism is not investment advice. Users are responsible for complying with platform terms, local laws, data policies, and rate limits for any configured collectors or publishing tools.