Security: theepankaja/payhere-agent-docs

SECURITY.md

Security Policy

Scope

This project serves publicly available PayHere documentation to AI coding agents. It does not handle payments, credentials, or sensitive user data.

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly:

  1. Do not open a public GitHub issue for security vulnerabilities
  2. Email the maintainer at the contact information on theepankaja.website
  3. Include a description of the vulnerability and steps to reproduce

Response Timeline

  • Acknowledgment within 48 hours
  • Fix or mitigation within 7 days for confirmed vulnerabilities

What to Report

  • Vulnerabilities in the MCP server code
  • Input injection or sanitization issues
  • Dependency vulnerabilities
  • Information disclosure issues

Out of Scope

  • Vulnerabilities in PayHere's official services (report to PayHere directly)
  • Issues with third-party dependencies (report upstream)
  • Social engineering attacks

There aren't any published security advisories