Phoenix runs bash, reads files, makes network calls, and stores API keys. Security matters.
Do not open public GitHub issues for security vulnerabilities.
Report privately to: hi@harshalmore.dev
Please include:
- A description of the vulnerability
- Steps to reproduce
- The version of Phoenix affected
- Any mitigations you have identified
You will receive an acknowledgment within 72 hours. A public disclosure timeline will be agreed upon after the issue is understood.
In scope:
- API key leakage (keys logged, exposed in process listings, written unencrypted where the user did not expect)
- Path traversal or arbitrary file read/write via any ability
- Command injection through abilities or the shell layer
- Prompt injection that leads to unauthorized file writes, command execution, or credential exfiltration
- Bypass of approval modes (`safe`, `auto`) where an action that should require approval runs without one
- Memory leaks of sensitive user data to other sessions, users, or the network
Out of scope:
- Theoretical attacks without a working proof of concept
- Issues that require physical access to the machine running Phoenix
- Issues that require the user to run Phoenix in `--yolo` mode (this mode is explicitly documented as auto-approving everything)
- Bugs in upstream dependencies (report those to the upstream project)
Components covered by this policy:
- The core `phoenix` package and all modules under it
- Official distribution channels (PyPI)
- Official Docker images, if any
Third-party abilities, agents, and plugins are out of scope -- report to their maintainers.
We ask that you give us reasonable time to investigate and address the issue before publishing details. In return, we will:
- Acknowledge your report within 72 hours
- Keep you informed on the progress of the fix
- Credit you in the release notes and security advisory (unless you prefer to remain anonymous)