If you discover a security vulnerability in this project, please report it responsibly. Do not open a public issue.
Contact @rdwj on GitHub.
You should receive a response within 72 hours. If the vulnerability is confirmed, a fix will be prioritized and a security advisory published.
This project provides agent team design tooling. Security concerns may include:
- Credential exposure in generated agent.yaml stubs
- Insecure defaults in trust profile configuration
- Vulnerabilities in BPMN XML parsing (e.g., XML entity expansion)
- Sensitive data in role specification files
Copyright (c) Wes Jackson 2026. Licensed under the Apache License, Version 2.0.