Only the main branch is supported.
- Sensitive issues: please use GitHub security advisories.
- Non-sensitive issues: open a regular issue.
Target response time: within 7 days for valid vulnerability reports. This is a best-effort commitment, not a paid-support SLA.
This repo ships prompt files and two installers: install.sh (prompt-only) and bin/install.js (full multi-agent stack). Primary attack surface is running installers via curl | bash or npx.
Please inspect install.sh or bin/install.js before running.