Agent Feed is currently pre-1.0. Security fixes target the latest released version.
Please do not open a public issue for a suspected vulnerability.
Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled yet, contact the repository owner directly through the contact method listed on the GitHub profile.
Security-sensitive reports include:
- Unsafe overwrite or deletion of user files.
- Generated instructions that could cause AI tools to expose secrets or perform destructive actions.
- Packaging or release process compromise.
- Dependency issues that affect the installed CLI.
Agent Feed does not run a hosted service and does not collect user data.