Security

We take security seriously. If you find a vulnerability, please tell us so we can fix it.

Responsible disclosure

Please give us a reasonable window to fix the issue before public disclosure. We aim to acknowledge receipt within 48 hours and triage within 7 days.

https://www.nalandaprompts.com and any subdomain
Authentication, authorization, data exposure, injection, XSS, CSRF, SSRF, RCE, business logic flaws

Denial of service via volumetric attacks
Social engineering of our team
Issues in third-party services we use (please report those to the vendor directly)
Theoretical issues without proof of impact

We are a pre-launch solo project with no funding. We cannot pay rewards but we will credit your finding publicly if you wish.

We take security seriously. If you find a vulnerability, please tell us so we can fix it.

Please give us a reasonable window to fix the issue before public disclosure. We aim to acknowledge receipt within 48 hours and triage within 7 days.

https://www.nalandaprompts.com and any subdomain
Authentication, authorization, data exposure, injection, XSS, CSRF, SSRF, RCE, business logic flaws

Denial of service via volumetric attacks
Social engineering of our team
Issues in third-party services we use (please report those to the vendor directly)
Theoretical issues without proof of impact

We are a pre-launch solo project with no funding. We cannot pay rewards but we will credit your finding publicly if you wish.