Do NOT open a public GitHub issue for security vulnerabilities.
If you discover a security vulnerability in aigate, please report it responsibly:
- Report privately: send a detailed report to the maintainers via GitHub private vulnerability reporting.
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 7 days.
The following are in scope for security reports:
| Area | Examples |
|---|---|
| Pre-filter bypass | A malicious package that evades all static checks |
| AI prompt injection | Crafted package code that manipulates AI model output to return "safe" |
| Code execution | Any path where aigate executes package code instead of just reading it |
| Credential exposure | API keys, tokens, or sensitive data leaked in logs or output |
| Dependency vulnerabilities | Vulnerabilities in aigate's own dependencies |
| GitHub Action security | Action input injection, secret leakage, or privilege escalation |
The following are out of scope:
- Detection accuracy (false positives / false negatives) -- please use the false positive template instead
- Feature requests
- Issues in third-party AI model behavior (Claude, Gemini, Ollama)
| Version | Supported |
|---|---|
| Latest on main | Yes |
| PyPI releases | Yes |
| Older releases | Best effort |
aigate is built with these security principles:
- Never execute package code -- the resolver only downloads and extracts source archives
- Fail-open by design -- if aigate itself crashes, package installation proceeds rather than being blocked (availability over safety), so an aigate crash must not be relied on as a hard gate
- No secrets in config -- AI backends use CLI tools that manage their own auth
- Minimal permissions -- the GitHub Action only needs read access to the repository
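To make the first principle concrete, here is an added example of the "download and extract, never execute" idea. It is illustration only, not aigate's own resolver code, and every name in it (`extract_source_safely`, `UnsafeArchiveMember`, the sample archives) is hypothetical. It reads a constructed sdist-style tarball into a temporary directory, refuses members that would escape that directory or that are links or device nodes, and never imports or runs anything it extracts, which is exactly the posture a static package checker wants.

```python
"""Read-only extraction of a source archive with escape checks.

Added example (not aigate's code). A malicious sdist can contain a setup.py
that does anything when installed; a static checker must therefore only read
files out of the archive, and must also refuse members whose paths would land
outside the extraction root. All names and sample data here are constructed.
"""
import io
import os
import tarfile
import tempfile


class UnsafeArchiveMember(ValueError):
    """Raised when an archive member would write outside the destination."""


def _is_within(root: str, target: str) -> bool:
    """True if target resolves to a path under root (symlinks and '..' resolved)."""
    root = os.path.realpath(root)
    target = os.path.realpath(target)
    return os.path.commonpath([root, target]) == root


def extract_source_safely(archive_bytes: bytes, dest: str) -> list:
    """Extract regular files and directories from a .tar.gz into dest.

    Absolute paths, '..' traversal, symlinks, hard links and special files are
    refused before anything is written. File contents are copied byte for
    byte; nothing in the archive is imported or executed. Returns the names of
    the extracted regular files, sorted.
    """
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            target = os.path.join(dest, member.name)
            if member.name.startswith("/") or not _is_within(dest, target):
                raise UnsafeArchiveMember(f"path escapes destination: {member.name}")
            if member.issym() or member.islnk():
                raise UnsafeArchiveMember(f"link member refused: {member.name}")
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            if not member.isfile():
                raise UnsafeArchiveMember(f"special member refused: {member.name}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # extractfile() hands back the raw bytes; we never exec them.
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(member.name)
    return sorted(extracted)


def build_archive(files: dict) -> bytes:
    """Build a constructed in-memory .tar.gz from {member_name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: a normal-looking sdist. Its setup.py is only ever read.
BENIGN = build_archive({
    "pkg-1.0/PKG-INFO": b"Name: pkg\nVersion: 1.0\n",
    "pkg-1.0/setup.py": b"from setuptools import setup\nsetup(name='pkg')\n",
    "pkg-1.0/src/pkg.py": b"def hello():\n    return 'hi'\n",
})

# Constructed sample: first member tries to climb out of the extraction root.
TRAVERSAL = build_archive({
    "pkg-1.0/../../outside.txt": b"should never be written\n",
    "pkg-1.0/PKG-INFO": b"Name: pkg\nVersion: 1.0\n",
})


def demo_benign() -> list:
    """Extract the benign archive and return the file names that were read out."""
    with tempfile.TemporaryDirectory() as dest:
        return extract_source_safely(BENIGN, dest)


def demo_traversal_is_refused() -> bool:
    """True if the traversal member is rejected before anything is written."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            extract_source_safely(TRAVERSAL, dest)
        except UnsafeArchiveMember:
            return os.listdir(dest) == []
        return False


if __name__ == "__main__":
    print("benign files:", demo_benign())
    print("traversal refused:", demo_traversal_is_refused())
```

The check runs before each write, so a hostile member early in the archive cannot leave partial output behind, and the scanner sees `setup.py` as plain bytes rather than something to run.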
We appreciate the security research community's efforts in keeping the software supply chain safe. Reporters who follow responsible disclosure will be credited in release notes (unless they prefer anonymity).