PHANTOM is an autonomous agent runtime with tool execution, persistent memory, and generated skills. Treat it as a sensitive local automation system.
If you find a security issue, please report it privately before opening a public issue.
Until a dedicated security inbox exists, use GitHub's private vulnerability reporting, if it is available for the repository.
- generated skill execution
- shell and file tool safety boundaries
- messaging webhook authentication
- secret loading and redaction
- browser automation against privileged systems
PHANTOM includes:
- scoped local state
- tool confirmation controls
- webhook signature verification
- provider secret redaction
- allowlist-based skill validation
- Linux sandbox preference for generated skills
PHANTOM does not yet provide full hostile-code isolation. Do not treat it as a hardened multi-tenant execution platform.