If you discover a security vulnerability in agentproof, please report it through GitHub's private vulnerability reporting.

Do not open a public issue for security vulnerabilities.

agentproof executes user-defined verifiers which may run subprocesses (shell commands, scanners, compilers). The SDK does not sandbox these executions. Users are responsible for ensuring verifiers run trusted commands in trusted environments.

Only the latest release receives security updates.