Security fixes are applied to the latest commit on the default branch (main). Use an up-to-date clone or packaged .vsix built from main when possible.
If you believe you have found a security vulnerability in Animatify (for example, unsafe handling of secrets, remote code execution, or data exfiltration through the extension):
- Do not open a public GitHub issue with exploit details.
- Contact the maintainer privately: open a GitHub Security Advisory for this repository, or email the repository owner if you cannot use advisories.
Include:
- A short description of the issue and impact
- Steps to reproduce (if safe to share)
- Your suggested fix (optional)
You should receive a response within a reasonable time. Please allow time for a fix before public disclosure.
Animatify stores the Gemini API key in the editor’s Secret Storage when you use Animatify: Set Gemini API Key. Do not commit keys, .env files with secrets, or screen recordings that show keys into the repository.