SECURITY
John Williams edited this page Mar 9, 2026
If you discover a security vulnerability in ARGUS, please do NOT open a public GitHub issue.
Email: security@googleadsagent.ai
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your suggested fix (if any)
We will respond within 48 hours and aim to patch critical issues within 7 days.
In scope:
- Worker API authentication bypass
- D1 SQL injection vectors
- Rate limiting bypass
- Admin dashboard unauthorized access
- Evidence vault unauthorized read/write
- Extension content script XSS
Out of scope:
- Detection accuracy (not a security issue — open a regular issue)
- Cloudflare infrastructure itself
- Third-party API services (GPTZero, Hive, etc.)
We follow a 90-day disclosure policy. After 90 days from your report, we will publicly disclose the vulnerability regardless of patch status, with credit to you unless you prefer anonymity.