We take the security of the agents-repo ecosystem seriously.
Do not report security vulnerabilities in public GitHub issues, discussions, or pull requests.
Report vulnerabilities privately using GitHub Private Vulnerability Reporting on the affected repository:
| Repository | Report URL |
|---|---|
registry |
https://github.com/agents-repo/registry/security/advisories/new |
webapp |
https://github.com/agents-repo/webapp/security/advisories/new |
registry-proxy |
https://github.com/agents-repo/registry-proxy/security/advisories/new |
.github |
https://github.com/agents-repo/.github/security/advisories/new |
Please include as much of the following as you can:
- Affected repository and file paths
- Steps to reproduce the issue
- Impact assessment
- Proof of concept, if available
Maintainers aim to acknowledge reports within 5 business days. We will coordinate with you on validation, remediation, and disclosure timing before any public announcement.
Security fixes generally target the latest release on the default branch of the affected repository unless that repository documents a different support policy.