Report via GitHub Security Advisories. Response within 72h.

• Prompt injection through user-defined agent configurations
• API key exposure in agent builds
• Unauthorized agent access or execution