Security Policy

We take the security of Execord seriously. If you discover a vulnerability, please report it privately rather than opening a public issue.

Reporting a Vulnerability

If you find a security bug (such as a way to bypass permissions, bypass token limits, or cause the bot to execute unintended code), please contact us directly via:

• Discord: Join our Support Server and message a moderator, admin, or the founder.

Please provide as much detail as possible, including:

• A description of the vulnerability.
• Steps to reproduce it.
• Your Discord User ID (so we can credit you if you wish).

Note on Prompt Injection

Basic prompt injection (e.g., tricking the AI into saying inappropriate things or breaking its persona) is an inherent limitation of current Large Language Model technology. These instances are not considered security vulnerabilities and do not need to be reported via this channel.

However, if you find a prompt injection or any other exploit that allows the bot to do anything destructive, please report it immediately as it is a critical security issue.

Responsible Disclosure

We ask that you:

• Give us a reasonable amount of time to fix the issue before sharing it publicly.
• Do not exploit the vulnerability beyond what is necessary to prove it exists.
• Do not use the vulnerability to access or modify data that does not belong to you.

Thank you for helping keep Execord safe for everyone!