Skip to content

Security: nimit2801/Agentic-AI-For-Good

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.x Yes

Reporting a Vulnerability

Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities by emailing: security@agenticaiforgood.com

Include in your report:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

What to Expect

  • Acknowledgement within 48 hours
  • Status update within 7 days
  • Fix timeline communicated based on severity (critical issues prioritised)

Scope

In scope:

  • The Next.js web application (agenticaiforgood.com)
  • The hosted MCP server (/api/mcp)
  • The npm package (agentic-ai-for-good-mcp)
  • Supabase Row Level Security policies

Out of scope:

  • Rate limiting / volumetric DDoS
  • Issues requiring physical access to our infrastructure
  • Social engineering attacks targeting team members
  • Vulnerabilities in third-party dependencies (report those upstream)

Disclosure Policy

We follow coordinated responsible disclosure. We ask that you:

  • Give us reasonable time to investigate and fix before public disclosure
  • Avoid accessing, modifying, or deleting data belonging to other users
  • Do not perform actions that could degrade availability for others

We will publicly credit researchers who report valid vulnerabilities (unless you prefer to remain anonymous).

There aren't any published security advisories