Security: aget-framework/template-developer-aget

Security Policy

Supported Versions

We release patches for security vulnerabilities. Currently supported versions:

Version Supported
3.9.0
< 0.1

Reporting a Vulnerability

If you discover a security vulnerability within CLI Agent Template, please follow these steps:

  1. DO NOT open a public issue
  2. Email the details to the repository maintainer through GitHub
  3. Include the following information:
    • Type of vulnerability
    • Full paths of source file(s) related to the vulnerability
    • The location of the affected source code (tag/branch/commit or direct URL)
    • Any special configuration required to reproduce the issue
    • Step-by-step instructions to reproduce the issue
    • Proof-of-concept or exploit code (if possible)
    • Impact of the issue, including how an attacker might exploit it

Security Best Practices

When using CLI Agent Template:

  1. Never commit sensitive data

    • API keys, tokens, and passwords should never be in your repository
    • Use environment variables for sensitive configuration
    • Add sensitive files to .gitignore
  2. Review generated code

    • Always review code generated by AI agents before committing
    • Check for hardcoded credentials or sensitive information
    • Validate that generated code follows security best practices
  3. Keep dependencies updated

    • Regularly update Python dependencies with pip install --upgrade -r requirements.txt
    • Monitor for security advisories in dependencies
  4. Audit agent access

    • Be aware of what files and commands your AI agents can access
    • Use the dry-run options when available
    • Review the session logs to understand what actions were taken

Acknowledgments

We appreciate responsible disclosure of security vulnerabilities. Contributors who report valid security issues will be acknowledged in our security advisory.
