aimask custodies a user's OpenRouter credential and meters their spend, so security reports are treated as high priority.
Please do not open a public issue for a security problem. Instead, report it privately:
- Preferred: open a draft advisory at https://github.com/gantrydev/aimask/security/advisories/new
- Alternative: reach the maintainers via https://gantryops.dev
Include the affected component (extension background worker, the page ↔ background bridge, the
@aimask/sdk package, or the site), a description, reproduction steps, and the impact. Expect an
acknowledgement within 3 business days, and a fix or mitigation plan within 14 days for confirmed
issues.
In scope:
- The extension: credential storage, the inpage ↔ content ↔ background bridge, and consent / budget enforcement.
- The
@aimask/sdkpackage. - The wire protocol and its trust boundaries: see SPEC.md §2 (design principles, especially key custody and untrusted outputs) and §10 (iframe / origin rules).
Out of scope: vulnerabilities in OpenRouter, in the browser itself, or in a website that consumes
window.aimask. Per SPEC.md §2, model outputs are untrusted; a site that mishandles a completion
is the site's bug, not aimask's.
The credential never leaves the background worker and is stored encrypted (AES-GCM-256). Any path by which a page, content script, or the SDK can read the credential, spend without a matching grant, or exceed a granted per-origin budget is the highest severity.