We take security seriously and provide security updates for the following versions:

| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability within Agents CLI, please send an email to security@agents-cli.org. All security vulnerabilities will be promptly addressed.
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (if available)
Our response timeline:
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Status Updates: Weekly until resolved
- Resolution: Depending on severity and complexity
Agents CLI handles:
- OpenAI API keys and credentials
- File system access through tools
- Execution of configured workflows
- MCP server connections
We implement security measures including:
- No credential logging or storage
- Configurable access controls and guardrails
- Tool execution sandboxing
- Secure credential management practices
We follow responsible disclosure practices:
- Report received and acknowledged
- Vulnerability investigated and confirmed
- Fix developed and tested
- Security advisory published
- Fix released and users notified
- Public disclosure after users have had time to update
Thank you for helping keep Agents CLI and its users safe!