This is a security research project, not a general-purpose library. I'm not actively seeking contributions, but I welcome bug fixes and meaningful documentation improvements.
- Bug fixes with clear reproduction steps
- Documentation improvements that add real value (not cosmetic rewording)
- Test improvements that catch real bugs
- AI-generated slop PRs (auto-generated refactors, mass linting, vague "improvements")
- Large PRs without prior discussion
- New features without reaching out first
- Cosmetic-only changes
- Reach out first for anything beyond a small bug fix. Contact the maintainer:
- Twitter/X: @kmcquade3
- Cloud Security Forum Slack: Kinnaird McQuade
- Fork the repo and create a feature branch
- Make sure all tests pass:
cd attacker-infra && make test - No secrets, credentials, or account IDs in commits
- One PR per issue/fix
- Write a clear description explaining what and why, with screenshots where applicable
git clone https://github.com/BeyondTrust/agentcore-sandbox-breakout.git
cd agentcore-sandbox-breakout/attacker-infra
make setup
make testfix: Handle chunk retry returning 0.0.0.0 in DNS server
docs: Add VPC mode mitigation steps to README
test: Add integration test for multi-session handling
If you're interested in building a generic multi-tenant DNS exfiltration server (not scoped to this repo), reach out to the maintainer directly. Happy to discuss.
By contributing, you agree that your contributions will be licensed under the MIT License.