Security: jremick/agentic-org

SECURITY.md

Security Policy

Agentic Org is a public reference design for agent roles and operating boundaries. Most issues will be documentation problems, but security reporting is still appropriate for unsafe role authority, secret-handling guidance, vulnerable tool recommendations, or examples that could expose private data.

Reporting

Use GitHub private vulnerability reporting when available:

https://github.com/jremick/agentic-org/security/advisories/new

If that path is unavailable, open a minimal public issue asking for a private reporting channel. Do not include exploit details, secrets, credentials, customer data, internal strategy, or private operational context in public issues.

Public Issues

Public issues are appropriate for broken links, unclear role boundaries, missing rationale, and general documentation improvements.

Do not post:

  • real secrets, tokens, private keys, or .env values
  • private customer, employer, or internal operating details
  • production incident timelines or vulnerable infrastructure details
  • copied proprietary agent instructions or private prompts
