Please report security vulnerabilities privately. Do not open a public issue.
Email: muffy86@users.noreply.github.com (or use GitHub's private vulnerability reporting — enabled on every repo)
- 24h acknowledgement of your report
- 72h triage with severity assessment
- 7d remediation timeline for high/critical
- Public disclosure coordinated with you, 30-90d post-fix (per severity)
- Credit in the fix commit and (if you want) in this SECURITY.md
All repos under muffy86 and Muffy1 are in scope for security reports:
- Agent frameworks (
Autonomous-AI-orchestration-agent,autonomous-generalist-agent, etc.) - Platform repos (
agent-workspace,kortix-frontend,nexus-ai-website) - AI products (
aura-ai-copilot,mind-weaver,dent-ai-vision-suite,intelligent-telegram-bot)
- Third-party deps (please report to upstream)
- Best-practice suggestions (open an issue)
- Social engineering / phishing reports (use GitHub's bug bounty)
- 2026-06-07 — npm supply-chain stealer (preinstall.js) detected in 18 repos, removed; tokens rotated. See
GITHUB_INCIDENT_REPORT.mdin agent-workspace.
- TBD