Skip to content

Security: bitgorust/opencode-immersive-translate

SECURITY.md

Security Policy

Reporting a Vulnerability

Use GitHub's private vulnerability reporting (Security tab → "Report a vulnerability"). Do NOT open a public issue for security-sensitive reports.

Scope

This plugin ships text from assistant messages to a user-configured translation endpoint (default: Microsoft Translator's unofficial Edge endpoint). It ships best-effort regex redaction for common secret patterns (AWS keys, GH tokens, JWTs, etc.) before sending text.

Important caveat (will appear verbatim in README):

Redaction is best-effort regex matching. It is NOT a security control. Sensitive data may still leak. The only reliable way to keep secrets out of translation is not to put them in your LLM prompts.

Supported Versions

The latest released version is supported. Older versions receive security patches at the maintainer's discretion.

There aren't any published security advisories