| Version | Supported |
|---|---|
| 0.5.0 | Yes |

If you discover a security vulnerability in Misdirection Proxy, please report it responsibly.

Do NOT open a public GitHub Issue for security vulnerabilities.

Instead, report via email:

- Email: amurlaniakea@gmail.com
- Subject: `[SECURITY] Misdirection Proxy vulnerability`

Include:
- Description of the vulnerability
- Steps to reproduce
- Affected component
- Potential impact assessment

You will receive a response within 48 hours.

Misdirection Proxy is a defense tool, but has limitations:
- Intention Detector: Pattern-based detection can be bypassed by novel attack prompts not matching known patterns.
- CMPE Engine: Misdirection responses are heuristic. A sufficiently sophisticated attacker may distinguish them from genuine responses.
- Adaptive Controller: The γ_A escalation is logarithmic — very persistent attackers may still succeed given enough queries.
- Context Filter: Indirect injection detection relies on pattern matching. Novel injection techniques may evade detection.

Use Misdirection Proxy as one layer in a defense-in-depth strategy.

- Runtime: fastapi, uvicorn, pydantic, httpx, python-dotenv
- Dev: pytest, pytest-asyncio, pytest-cov

All dependencies are pinned in `pyproject.toml`.