If you believe you have found a security issue in this plugin, please report it privately. Do not open a public GitHub issue for security reports.

• Email: security@taboola.com
• Include: a description of the issue, reproduction steps, and any relevant context (plugin version, Claude Code version, whether remote or local MCP was in use).

You can expect an initial acknowledgment within a few business days.

This repository contains:

• Plugin configuration (.claude-plugin/plugin.json, .mcp.json)
• Markdown skills and an orchestrator agent
• Documentation and test scenarios

It does not bundle the Realize MCP server itself. For vulnerabilities in the MCP server, please report them to taboola/realize-mcp directly.

• User-supplied content (prompts, saved account_ids) stored locally in .claude/*.local.md. These files are gitignored and contain only per-user preferences — no tokens are stored by this plugin.
• OAuth token handling, which is performed by the Claude Code MCP transport layer, not by this plugin.