edgardong/agency-agents
1
0
Fork 0
mirror of https://github.com/msitarzewski/agency-agents synced 2026-04-25 11:18:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
agency-agents/SECURITY.md
CharlyP 6b294e34f5
docs: add SECURITY.md policy (#410) 
Adds SECURITY.md with responsible disclosure process, scope clarification, and response SLAs.
2026-04-10 18:55:01 -05:00

1.1 KiB
Raw Blame History

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly. Do NOT open a public GitHub issue for security vulnerabilities. Open a private security advisory via GitHub Security tab.

Response Timeline

  • Acknowledgment: within 48 hours
  • Initial assessment: within 7 days
  • Fix or mitigation: depends on severity

Scope

This repository contains Markdown-based agent definitions and shell scripts for installation and conversion.

Agent files (.md)

  • Non-executable prompt definitions
  • No API keys, secrets, or credentials should be stored in agent files

Shell scripts (scripts/)

  • install.sh, convert.sh, and lint-agents.sh are executable
  • Contributors should review scripts for unintended behavior before running

Best Practices for Contributors

  • Never commit API keys, tokens, or credentials
  • Never add executable code inside agent Markdown files
  • Shell scripts must be reviewed before merging
  • Report suspicious agent definitions that attempt prompt injection EOFcat SECURITY.md