AgentHound is a security-analysis tool, and we take the security of the project itself seriously. We appreciate the efforts of security researchers and the wider community in helping us keep it safe.
AgentHound is in early development. Security fixes are applied to the latest release on the default branch only. Older versions are not maintained.
| Version | Supported |
|---|---|
latest (main) |
Yes |
| older releases | No |
Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.
Instead, report them privately by email:
- Email:
franciscojose.ramirezvicente@telefonica.com
When reporting, please include as much of the following as possible:
- A description of the issue and the component affected.
- Steps to reproduce, or a proof of concept.
- The potential impact, and any suggested mitigation if you have one.
- The version or commit you tested against.
- We aim to acknowledge a report within 5 business days.
- We will keep you informed as we investigate and work on a fix.
- We ask that you give us reasonable time to release a fix before any public disclosure, and we will credit reporters who wish to be acknowledged.
This policy covers the AgentHound source code in this repository. It does not cover vulnerabilities in third-party dependencies; please report those to the respective upstream projects.