Security Policy
CortexPrism edited this page Jun 17, 2026 · 1 revision
| Version | Supported |
|---|---|
| 0.33.x (latest) | Yes |
| < 0.33 | No — please upgrade |
Do not open a public GitHub issue. Email:
Include:
- Description of the vulnerability and impact
- Steps to reproduce
- Affected versions
- Suggested mitigations
| Timeline | Action |
|---|---|
| Within 48 hours | Acknowledgment of report |
| Within 7 days | Initial assessment and severity classification |
| Within 30 days | Patch developed and tested |
| On fix release | Public disclosure with credit |
We follow responsible disclosure.
See the Security page for details on:
- Parallax Policy Validator
- AES-256-GCM Vault
- Cortex Lens audit log
- Sandbox isolation
- No telemetry policy
- Policy validator operates on intent strings — best-effort filter
- LLM prompt injection through untrusted content is a risk
- Subprocess code execution has no container isolation — use Docker for untrusted code
```
deno run --allow-net https://deno.land/x/deno_audit/main.ts
```

Report outdated or vulnerable dependencies via the private email channel above, or as a regular GitHub issue if the vulnerability is already public.
CortexPrism — Open-source agentic AI harness · MIT License · Built with Deno 2.x + TypeScript