agent-card-stamp is a pure-transform library and CLI: it reads a JSON struct and emits a JSON card. No network listener, no remote fetch, no execution of user-supplied code, no live agent invocation.
The input may include internal model identifiers, tool names, and incident-response URIs that are sensitive in your environment. The output card includes those values verbatim — be deliberate about where you publish the stamped card.
Only the latest tagged release is supported.
Please use GitHub Security Advisories for private disclosure:
Do not file public issues for security reports.