Skip to content

Latest commit

 

History

History
41 lines (27 loc) · 1.31 KB

File metadata and controls

41 lines (27 loc) · 1.31 KB

Security Policy

Supported Versions

Version Supported
0.5.x Yes

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

  1. Do NOT open a public GitHub issue
  2. Email security concerns to the maintainers directly
  3. Include a description of the vulnerability and steps to reproduce

We will respond within 48 hours and provide a fix timeline.

Security Measures

autoforge implements the following security controls:

OWASP Agentic Top 10 Compliance

Risk Mitigation
ASI01: Agent Goal Hijack Prompt injection detection hooks
ASI02: Tool Misuse Minimal-privilege tool configuration
ASI06: Data Leakage Secret leak detection in LLM output
ASI07: Unsafe Code Execution Syntax validation on all edits, command blocklist
ASI08: Uncontrolled Autonomy Human approval gate for production deploys

Hook System

  • Prompt injection detection: 7 patterns checked on all LLM inputs
  • Secret leak prevention: API keys, private keys, tokens detected and blocked
  • Command blocklist: sudo, rm -rf /, curl, etc. blocked in ACI toolkit

Cross-Model Review

Test and Security agents use a different LLM model than the code generator, eliminating self-evaluation bias.