Please do not open public issues for security-sensitive reports.
Instead, contact:
- Email: calvinsturm@gmail.com
- Subject: [LocalAgent Security] <short title>
Include:
- Affected version/commit
- Reproduction steps
- Impact assessment
- Suggested mitigation (if known)
Response expectations:
- Initial acknowledgement target: within 72 hours
- Triage + severity classification: as quickly as possible
- Patch timeline depends on severity and exploitability
Security reports are most helpful when they relate to:
- Trust/approval bypass
- Tool execution gate bypass
- Policy enforcement bypass
- Sensitive data leakage from artifacts/events/logs
- Unsafe defaults regression