Skip to content

Security: kaycke1337/agent-evals

Security

SECURITY.md

Security Policy

Supported Versions

Agent Evals is early-stage software. Security fixes target the latest version on the default branch.

Reporting a Vulnerability

Please report security issues privately instead of opening a public issue.

If GitHub private vulnerability reporting is enabled for the repository, use that channel. Otherwise, contact the repository owner directly through GitHub.

Handling Sensitive Data

Agent Evals may process prompts, model outputs, traces, and evaluation metadata. Treat those inputs as sensitive by default.

  • Do not commit API keys or provider credentials.
  • Do not store production user data in example suites or baselines.
  • Scrub private prompts, traces, and outputs before sharing reports.
  • Prefer environment variables or secret managers for credentials.
  • Review CI artifacts before making them public.

There aren't any published security advisories