We release patches for security vulnerabilities for the following versions:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
If you discover a security vulnerability within Awesome Agent Templates, please send an email to the maintainers through GitHub's private vulnerability reporting feature or create a security advisory.
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- We will acknowledge your email within 48 hours
- We will provide a more detailed response within 7 days
- We will work on a fix and release it as soon as possible
- We will credit you in the security advisory (unless you prefer to remain anonymous)
When contributing agent templates:
- Never include sensitive data in templates (API keys, passwords, tokens)
- Validate all inputs in system prompts
- Use secure tool providers with proper authentication
- Document security requirements in agent metadata
- Follow principle of least privilege in tool permissions
- Test agents in sandboxed environments before deployment
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions
- Audit code to find similar problems
- Prepare fixes for all supported versions
- Release new versions as soon as possible
Thank you for helping keep Awesome Agent Templates and our community safe!