Only the latest minor release receives security fixes.

| Version | Supported |
|---|---|
| 0.1.x | ✓ |
| < 0.1 | ✗ |

Do not file a public GitHub issue for security vulnerabilities.
If you find a security issue (such as a way to escape the destructive-command guard, leak the API key, inject untrusted content into Gemini prompts, or bypass the SubagentStop verdict handler), please report it privately:
- Email: through the repository owner's GitHub profile
- GitHub Security Advisory: open a private security advisory
Include:
- A clear description of the vulnerability
- Reproduction steps or a proof of concept
- The version affected
- Any suggested mitigation

Response timeline:
- Acknowledgement: within 7 days
- Initial assessment: within 14 days
- Fix or mitigation plan: within 30 days for high-severity issues
In scope:
- Hook scripts in `hooks/` (any way to bypass blocking, leak data, or inject untrusted content)
- The `userConfig` API key flow
- Subagent definitions in `agents/` (prompt injection, tool misuse)
- The MCP server registration in `plugin.json`
Out of scope:
- Vulnerabilities in gemini-mcp itself (report there)
- Vulnerabilities in Claude Code, MCP, or Google AI Studio (report to those vendors)
- Issues that require local code execution to exploit (the user already trusts their own machine)