Agentic Org is a public reference design for agent roles and operating boundaries. Most issues will be documentation problems, but security reporting is still appropriate for unsafe role authority, secret-handling guidance, vulnerable tool recommendations, or examples that could expose private data.
Use GitHub private vulnerability reporting when available:
https://github.com/jremick/agentic-org/security/advisories/new
If that path is unavailable, open a minimal public issue asking for a private reporting channel. Do not include exploit details, secrets, credentials, customer data, internal strategy, or private operational context in public issues.
Public issues are appropriate for broken links, unclear role boundaries, missing rationale, and general documentation improvements.
Do not post:
- real secrets, tokens, private keys, or
.envvalues - private customer, employer, or internal operating details
- production incident timelines or vulnerable infrastructure details
- copied proprietary agent instructions or private prompts