We take the security of AI Sidekick very seriously. If you have discovered a security vulnerability, please DO NOT open a public issue.
Instead, please report it privately by contacting the maintainer directly: Maurizio Delmonte (miziodel)
We will review your report and respond as soon as possible.
AI Sidekick is designed with security in mind:
- Client-Side Storage: API keys are stored in
chrome.storage.local(unencrypted) orchrome.storage.sync(encrypted with AES-GCM + PBKDF2). - No Analytics: We do not track user activity or collect personal data.
- Content Security Policy (CSP): We strictly adhere to Manifest V3 CSP. We vendored
marked.jsto avoid remote code execution risks.