Security: AleSaiani/agentflow

SECURITY.md

Security Policy

Supported versions

Agent Flow is pre-1.0. Security fixes are applied to the latest released version only.

Version | Supported
latest (1.0.0-beta.*) | Yes
older pre-releases | No

Reporting a vulnerability

Please do not open a public issue for security problems.

Report privately through GitHub's private vulnerability reporting for this repository. Include:

  • a description of the issue and its impact,
  • the affected version (or commit),
  • steps to reproduce, and a proof of concept if possible.

You can expect an initial response within a few days. Once a fix is ready, disclosure will be coordinated with you.

Scope notes

Agent Flow runs LLM-driven workflows on your machine and executes shell stages and subagents as instructed by the workflows you author or run. Treat untrusted WORKFLOW.md files as untrusted code: review them before running, exactly as you would a shell script. The engine itself has zero runtime dependencies (Node builtins only), which keeps its dependency attack surface minimal.

There aren't any published security advisories