Security: Eugen24/brohelp1

SECURITY.md

Security Policy

Supported Versions

Version | Supported
0.1.x   | Yes

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Email: eatingai100@gmail.com
Subject: [SECURITY] Gaming Assistant AI - <short description>

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested fix (optional)

You will receive a response within 72 hours. Fixes for confirmed issues are prioritized within 7 days.

Scope

In scope

  • API key exposure or leakage via the app
  • Remote code execution via any input (chat, voice, screenshot)
  • CSP bypasses
  • Tauri IPC command injection

Out of scope

  • Issues requiring physical access to the machine
  • Social engineering
  • Vulnerabilities in third-party APIs (DeepSeek, Gemini, Deepgram, etc.) — report those to the respective provider

Notes on API Keys

This app stores API keys in .env (local file, never transmitted). Keys are used client-side via Vite env injection. Do not share your .env or built binaries that may embed keys.
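
Vite statically replaces import.meta.env.VITE_* references with their values at build time, which is how a key from .env can end up inside a built bundle or binary. The following pre-release check is an added example, not code from this project: it parses .env text and reports any secret value that appears verbatim in build output. The function names, variable names and sample data are hypothetical and constructed for illustration.

```javascript
// Added example (not project code): detect .env values embedded in build output.
// parseEnv and findEmbeddedSecrets are hypothetical helper names.

// Parse KEY=VALUE lines; skips comments and blank lines, strips "export " and quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = /^(["'])(.*)\1$/.exec(value);
    if (quoted) value = quoted[2];
    vars[m[1]] = value;
  }
  return vars;
}

// Return [{ name, file }] for every env value found verbatim in a built file.
// Values shorter than minLength are skipped so flags like "true" do not match.
function findEmbeddedSecrets(envVars, builtFiles, minLength = 12) {
  const hits = [];
  for (const [name, value] of Object.entries(envVars)) {
    if (value.length < minLength) continue;
    for (const [file, content] of Object.entries(builtFiles)) {
      if (content.includes(value)) hits.push({ name, file });
    }
  }
  return hits;
}

// Constructed sample data: not real keys, not the project's real variable names.
const sampleEnv = [
  "# constructed example",
  'VITE_EXAMPLE_API_KEY="sk-constructed-0123456789abcdef"',
  "EXAMPLE_SERVER_ONLY_KEY=constructed-fedcba9876543210",
  "VITE_DEBUG=true",
].join("\n");

// Constructed stand-in for the contents of a dist/ directory after a build.
const sampleDist = {
  "dist/assets/index-abc123.js":
    'const k="sk-constructed-0123456789abcdef";fetch(u,{headers:{Authorization:"Bearer "+k}});',
  "dist/index.html": '<div id="app"></div>',
};

const hits = findEmbeddedSecrets(parseEnv(sampleEnv), sampleDist);
for (const h of hits) console.log(`${h.name} is embedded in ${h.file}`);
```

In a real release pipeline the file map would be filled from the build output directory, and any hit would fail the build before the artifact is shared.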

There aren't any published security advisories