We take security seriously at GoPlus Security. If you discover a security vulnerability in this project, please report it responsibly.
Please DO NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
- Email: Send details to security@gopluslabs.io
- GoPlus Security Platform: Report through GoPlus Security
Please include the following information in your report:
- Type of vulnerability
- Full path to the affected file(s)
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact assessment
Response timeline:
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Based on severity
| Level | Description | Target Resolution |
|---|---|---|
| Critical | Immediate threat to users | 24-48 hours |
| High | Significant security impact | 7 days |
| Medium | Limited security impact | 30 days |
| Low | Minimal security impact | 90 days |
This security policy applies to:
- All code in this repository
- Skills and plugin configurations
- Documentation that may expose sensitive patterns
Report issues in the following through their own channels:
- GoPlus MCP Server (report to goplus-mcp)
- GoPlus API (report to security@gopluslabs.io)
- Third-party dependencies (report to respective maintainers)
When using these skills:
- Never commit API keys - Use environment variables
- Validate all inputs - Don't trust external data blindly
- Review before execution - Always review AI-generated code
- Keep dependencies updated - Regularly update goplus-mcp
We appreciate the security research community's efforts in responsibly disclosing vulnerabilities. Contributors who report valid security issues will be acknowledged (with permission) in our security advisories.
Thank you for helping keep GoPlus Security Skills safe!