mirror of
https://github.com/msitarzewski/agency-agents/
synced 2026-06-09 10:13:17 +00:00
Akhilesh Arora
083ce47e13
Removes the stray `EOFcat SECURITY.md` line accidentally left at the end of SECURITY.md. Closes #530. Thanks to @akhilesharora.
31 lines
1.0 KiB
Markdown
31 lines
1.0 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you discover a security vulnerability in this project, please report it responsibly. Do NOT open a public GitHub issue for security vulnerabilities. Open a private security advisory via GitHub Security tab.
|
|
|
|
## Response Timeline
|
|
|
|
- Acknowledgment: within 48 hours
|
|
- Initial assessment: within 7 days
|
|
- Fix or mitigation: depends on severity
|
|
|
|
## Scope
|
|
|
|
This repository contains Markdown-based agent definitions and shell scripts for installation and conversion.
|
|
|
|
### Agent files (.md)
|
|
- Non-executable prompt definitions
|
|
- No API keys, secrets, or credentials should be stored in agent files
|
|
|
|
### Shell scripts (scripts/)
|
|
- install.sh, convert.sh, and lint-agents.sh are executable
|
|
- Contributors should review scripts for unintended behavior before running
|
|
|
|
## Best Practices for Contributors
|
|
|
|
- Never commit API keys, tokens, or credentials
|
|
- Never add executable code inside agent Markdown files
|
|
- Shell scripts must be reviewed before merging
|
|
- Report suspicious agent definitions that attempt prompt injection
|