We take security seriously. If you discover a security vulnerability in agent-security-scanner-mcp, please report it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please email us at: security@sinewave.ai
Include the following information:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

Our response timeline:
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Resolution Timeline: Depends on severity, typically 30-90 days

| Severity | Description | Target Resolution |
|---|---|---|
| Critical | RCE, data exfiltration | 7 days |
| High | Privilege escalation, auth bypass | 14 days |
| Medium | Information disclosure | 30 days |
| Low | Minor issues | 90 days |

| Version | Supported |
|---|---|
| 2.x.x | ✅ Yes |
| 1.x.x | ❌ No (upgrade recommended) |

When using this tool:
- Keep Updated: Always use the latest version
- Review Prompts: The prompt scanner helps, but review AI instructions manually for sensitive operations
- Verify Packages: Use hallucination detection before installing AI-suggested packages
- Scan Before Commit: Run security scans before committing code

| Version | Issue | Fixed In |
|---|---|---|
| < 2.0.0 | Command injection in file path handling | 2.0.0 |

We thank the security researchers who help keep this project secure. Contributors will be acknowledged here (with permission).