To report security vulnerabilities, please email support@kitefishai.com with details of the issue. Do not use GitHub issues for security reports. We'll acknowledge within 48 hours and provide next steps within 96 hours.
| Version | Supported |
|---|---|
| x.x.x | ✅ |
- Never hardcode API keys; use environment variables
- Set appropriate agent permissions and tool access
- Implement input validation for all data
- Use TLS/SSL for all communications
- Set resource limits to prevent abuse
- Review agent prompts to prevent prompt injection
- Keep all dependencies updated
Security issues will be disclosed after a fix is available, typically within 90 days of the report.
This policy is subject to change. Last updated: March 15, 2025.