OpenAgent is under active development. Security fixes are expected to land on the latest maintained code in this repository.
Do not open a public issue for suspected vulnerabilities.
Use a private reporting channel instead:
- Preferred: use the repository host's private vulnerability reporting feature for this repository.
- Otherwise, contact Walden AI Lab through the repository owner contact channel on the repository hosting profile before any public disclosure.
Include the following in your report:
- Affected component and version or commit
- Reproduction steps or proof of concept
- Impact assessment
- Any suggested remediation or mitigation
The project aims to acknowledge reports promptly and coordinate a fix before public disclosure when feasible.
Please report issues that affect:
- Remote code execution or command execution bypasses
- Path traversal or workspace escape bugs
- Credential exposure or secret leakage
- Authentication, authorization, or approval bypasses
- Unsafe default configurations with realistic impact