If you discover a security vulnerability in agent-guard, please report it privately rather than opening a public issue.
How to report: open a private GitHub security advisory at the repository URL listed in pyproject.toml.
Include in your report:
- A description of the vulnerability
- Steps to reproduce (a minimal payload or test case is ideal)
- The version of agent-guard you tested against
- Any suggested fix if you have one
You will receive an acknowledgment within 72 hours. If the issue is confirmed, a patched release will be published as quickly as possible, typically within 7 days for high-severity issues.
In scope:
- Pattern bypasses: inputs that should be blocked but are not (false negatives)
- False positives that block clearly benign inputs in common real-world usage
- Crashes or hangs caused by crafted inputs (ReDoS, uncaught exceptions)
- Security issues in the Claude Code hook or MCP middleware integration
Out of scope:
- Bypasses that require the attacker to control agent-guard's configuration (allowlists, custom patterns, severity settings) — configuration is a trust boundary
- Issues in optional dependencies (fastmcp, pytest) not introduced by agent-guard itself
agent-guard is a defense-in-depth layer. It uses regex-based pattern matching and does not claim to catch every possible injection variant. Semantic bypasses crafted specifically to evade the published patterns are expected and are out of scope unless the bypass works against patterns that are explicitly documented as catching that variant.