| Version | Supported |
|---|---|
| 3.x | ✅ |
| 2.x | ❌ |
| 1.x | ❌ |
We take security seriously. If you discover a security vulnerability, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email: 2-craze-headmen@icloud.com
- GitHub Security Advisories: Use the "Security" tab to report privately
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Fix/Patch: Depends on severity (critical: ASAP, others: within 30 days)
- Public Disclosure: After fix is released
This repository contains documentation and specification files only, not executable code. However, security concerns may include:
- Schema vulnerabilities that could allow malicious prompts to pass validation
- Documentation errors that could lead to unsafe automation practices
- Prompt injection patterns that could bypass safety gates
When using this framework:
- Never include credentials in prompt specifications
- Always use safety gates for irreversible actions
- Validate outputs before execution
- Review generated prompts before running on production systems
- Keep the framework updated for latest security improvements
We appreciate responsible disclosure and will credit security researchers who:
- Report vulnerabilities responsibly
- Allow reasonable time for fixes
- Do not publicly disclose before a fix is available
Contact: security@example.com | GitHub Security Advisories s](../../security/advisories)