Security fixes apply to the latest published version of this marketplace and the latest published version of the pico-spatial-agentic-tools plugin.
Please report suspected vulnerabilities through the PICO developer support portal: https://developer.picoxr.com/support. If a dedicated security contact is published for your region or program, use that channel and include:
- affected plugin or marketplace version
- affected host or CLI environment
- reproduction steps
- impact assessment
- any logs or proof-of-concept details that are safe to share
Do not disclose vulnerabilities publicly until maintainers have confirmed the issue and coordinated a fix.
Reports are in scope when they involve this marketplace's distributable content, including plugin manifests, MCP configuration, bundled skills, examples, and scripts shipped inside the plugin.
Reports about third-party hosts, package managers, device firmware, or external services should also be reported to the responsible upstream vendor.