This repository contains TOML content definitions (agents, hands, integrations, skills, plugins, providers). Security concerns include:
- Malicious content in system prompts or descriptions
- Command injection in integration transport commands
- Integration URLs pointing to phishing or malicious sites
- Credential exposure in TOML files

Do NOT open a public issue for security vulnerabilities.
Email security@librefang.dev with:
- Description of the vulnerability
- Affected file(s) and content type
- Steps to reproduce or exploit
- Suggested fix (if any)

Response timeline:
- Acknowledgment: within 48 hours
- Assessment: within 5 business days
- Fix: dependent on severity, typically within 2 weeks

| Version | Supported |
|---|---|
| main branch | Yes |
| Other branches | No |