Please do not report security vulnerabilities through public GitHub issues.
Use GitHub private vulnerability reporting if enabled for this repository, or contact the maintainer directly through the published maintainer contact path: https://github.com/xormania
Security reports may include:
- command execution issues
- unsafe file writes
- protected-surface bypasses
- authority-boundary bypasses
- workflow or handoff integrity issues
- unsafe install or self-install behavior
- secrets exposure
- unexpected network behavior
The following are generally out of scope unless they demonstrate a concrete security impact:
- speculative social engineering scenarios
- broad best-practice suggestions without an exploit path
- dependency version churn without a reachable vulnerability
- issues requiring maintainer credentials or local administrative compromise
Agently is maintainer-directed. Security fixes may be handled privately before public disclosure.