Stellar AgentKit takes security seriously, especially due to its interaction with financial and blockchain operations.
If you discover a security vulnerability, please report it responsibly.
Please do not:
- Open a public GitHub issue
- Disclose the vulnerability publicly before a fix
Instead:
- Use GitHub Security Advisories (preferred)
- Or contact the maintainers privately
We aim to acknowledge reports within 72 hours.
This policy applies to:
- SDK logic
- Contract interaction utilities
- Transaction and signing helpers
- DeFi-related operations
We appreciate responsible disclosure and will credit reporters where appropriate.