Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting

Please report suspected security issues privately to the maintainers rather than disclosing them publicly first.

Until a dedicated disclosure channel is documented, route reports through the SocioProphet maintainers.

Scope

Security concerns may include:

secret handling
policy bypass
provenance tampering
confidence/explanation spoofing
warehouse exposure
activation leakage
adapter-level supply-chain risk

Expectations

do not commit secrets
preserve least privilege
treat policy and privacy controls as security features, not optional extras

There aren't any published security advisories