Do not open a public GitHub issue for security vulnerabilities.

Email security reports to: contact.agentgate@gmail.com

Include:

• Description of the vulnerability
• Steps to reproduce
• Affected endpoints or components
• Potential impact assessment

• Acknowledgment: within 48 hours
• Initial assessment: within 5 business days
• Fix timeline: depends on severity, typically within 30 days for critical issues

The following are in scope:

• MoltGrid API (api.moltgrid.net)
• Authentication and authorization bypass
• Data exposure or leakage
• Injection vulnerabilities (SQL, command, etc.)
• Cryptographic weaknesses

The following are out of scope:

• Denial of service attacks
• Social engineering
• Physical security
• Third-party services

We appreciate responsible disclosure. Contributors who report valid vulnerabilities will be acknowledged in release notes (unless they prefer to remain anonymous).