If you believe you have found a security vulnerability in AgentLink, please report it privately through GitHub's private vulnerability reporting / advisory workflow.
Do not open a public GitHub issue for security vulnerabilities.
When reporting a vulnerability, include as much of the following as possible:
- affected component or area
- steps to reproduce
- expected behavior
- actual behavior
- impact assessment
- any proof-of-concept or logs that help explain the issue safely
AgentLink is currently in a pre-release / MVP-stage state.
Security fixes are applied to the current main development line unless otherwise stated.
After a report is received, maintainers will review the issue, validate impact, determine remediation priority, and coordinate a fix and disclosure approach as appropriate.
Response times may vary depending on severity, complexity, and maintainer availability, but reports will be handled privately and in good faith.
Please do not disclose vulnerabilities publicly until maintainers have had a reasonable opportunity to investigate and address the issue.