If you discover a security vulnerability in this project, please report it responsibly by emailing fmaldonado@summan.com with the subject line "Security Vulnerability Report."
Please do not open a public issue for security vulnerabilities.
Include in your report:
- A description of the vulnerability
- Steps to reproduce (if applicable)
- Potential impact
- Suggested fix (if you have one)
We will:
- Acknowledge receipt within 48 hours
- Investigate the issue
- Work with you to develop a fix
- Coordinate a responsible disclosure timeline
This framework is designed to work with AI tools that have autonomous file manipulation and terminal execution capabilities. Users should:
- Only use this framework with tools and tokens they trust
- Review generated code before executing it
- Be cautious with sensitive data in prompts
- Use
.gitignoreand.aind/to keep project context private
We regularly review and update dependencies for known vulnerabilities. If you find a vulnerable dependency, please report it following the process above.