If you believe you've found a security vulnerability in Agent Library, please do not open a public GitHub issue.
Instead, report it privately by email to security@arcade.dev. Include:
- A description of the issue and the impact you believe it has.
- Steps to reproduce, or a proof-of-concept if you have one.
- Any suggested mitigations.
We'll acknowledge receipt and work with you on a coordinated disclosure timeline.
Agent Library is a community project, not an official Arcade.dev product (see the README for the full support story). Security reports for the project itself are still routed through security@arcade.dev so they're handled with the same disclosure process Arcade.dev uses internally.