The following versions of this extension are currently being supported with security updates:

We take the security of our users seriously. If you discover a security vulnerability within this project, please do not open a public issue. Instead, follow the steps below:

1. Email us: Send an email to me@anthuanvasquez.net with the subject "SECURITY VULNERABILITY".
2. Details: Include a detailed description of the vulnerability, steps to reproduce it, and any potential impact it might have.
3. Response: We will acknowledge your report within 48 hours and provide a timeline for a fix if applicable.

We ask that you follow responsible disclosure principles and allow us sufficient time to address the issue before making any public announcement.

This security policy applies only to the gemini-cli-engram extension and its direct source code. It does not cover external dependencies or the Engram MCP server itself, which should be reported to their respective maintainers.