We take the security of HOSH seriously. If you believe you have found a security vulnerability, please do NOT open a public issue. Instead, please report it through one of the following methods:

1. GitHub Private Reporting: If enabled on the repository, use the "Report a vulnerability" button in the Security tab.
2. Contact: Reach out to the maintainer (Subhan-Haider) directly via GitHub.

We will acknowledge your report within 48 hours and provide a timeline for a fix if applicable.

• API Keys: Your OpenRouter API key is stored locally in your browser's chrome.storage.local. It is only sent to openrouter.ai to process your requests. Never share your key with anyone.
• Official Source: Only install HOSH from the official Chrome Web Store or this official GitHub repository.
• Permissions: HOSH only requests permissions necessary for its functionality (activeTab, storage, scripting, contextMenus). We do not require broad access to all websites.