1. Prohibited content
- Unauthorized copyrighted content, piracy, plagiarism, unauthorized adaptation, or trademark abuse.
- Personal privacy, sensitive personal information, unauthorized datasets, internal confidential information, or information under confidentiality duties.
- Passwords, API keys, tokens, private keys, cookies, sessions, .env files, database connection strings, or other secrets.
- Malicious code, backdoors, trojans, data theft, exploits, detection evasion, or destructive automation.
- Malicious prompts, privilege-escalation instructions, data-exfiltration prompts, safety bypasses, or deceptive content.
- Unlawful, harmful, fraudulent, misleading, wash-trading, arbitrage, or platform-authorization bypass content.
2. High-risk handling
The platform may identify high-risk content through automated validation, manual review, reports, refunds, downloads, and Agent usage records, then hide, restrict sales, quarantine, pause delivery, revoke access, freeze revenue, or restrict accounts.
3. Creator safety duties
- Check package.zip, README, manifest, sample code, and templates before publishing.
- Remove secrets, personal data, third-party confidential information, and unauthorized content.
- Declare upstream references, open-source licenses, third-party data, and commercial-use restrictions.
- Do not treat a clean platform validation result as a full platform endorsement.
4. Buyer and Agent restrictions
- Do not use assets for unlawful, infringing, attacking, data theft, social engineering, or safety-bypass purposes.
- Do not remove watermarks, falsify receipts, resell delivery, or bypass platform licensing.
- Stop using and report high-risk content when discovered.
5. False positives and appeals
If creators believe platform handling is wrong, they may submit rights proof, dependency descriptions, cleaned packages, risk explanations, or other materials for review.