Mini-Assistant-Swarm is a fork-friendly personal-use toolkit. The shared VERIFIER module exists specifically to keep AI-generated outputs from being trusted blindly. A bug in VERIFIER or in any agent built on top can let an unverified claim reach an operator who is treating the toolkit output as trustworthy.

Please do not file a public GitHub issue for a security report.

Open a private GitHub Security Advisory at github.com/aperintel/Mini-Assistant-Swarm/security/advisories/new, or email enquiries@aperintel.com with the subject line [Mini-Assistant-Swarm Security].

Include:

• The affected version or commit SHA.
• A clear description of the issue and the impact.
• A minimal reproducer.
• Whether you have publicly disclosed any part of the issue already.

You will receive an acknowledgement within 72 hours and a triage decision within 7 days. Critical issues will be patched within 14 days of confirmation.

In scope: the shared/verify.py module, the agent interface, the orchestrator, and any first-party agent we publish in this repo.

Out of scope: forks that have added their own agents (those forks are responsible for their own agents) and operator misconfiguration.

Coordinated disclosure. We publish a GitHub Security Advisory once a fix is released, credit the reporter by name and link unless they request anonymity, and bump the package with a security note in the changelog.