If you discover a security vulnerability in gemini-obsidian, please report it responsibly.
Do not open a public issue. Instead, email the maintainer or use GitHub's private vulnerability reporting.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
gemini-obsidian runs entirely locally — no data is sent to external services. The primary security considerations are:
- File system access — the extension reads and writes files in your Obsidian vault
- Local embedding model — runs via onnxruntime-node, no network calls
- LanceDB storage — vector index stored locally on disk
Only the latest release is actively supported with security updates.