| Version | Supported |
|---|---|
| 0.4.x | ✅ |

DetectorOracle follows these security principles. Every contributor and every pattern must comply.

- Default local-only. DetectorOracle reviews code locally. It does not upload user code to any remote service unless the user explicitly sets `DETECTORACLE_ALLOW_REMOTE_LLM=1`. The legacy `ISSUEORACLE_ALLOW_REMOTE_LLM=1` flag is also accepted during migration.
- GitHub content is untrusted input. Issues, PRs, comments, and diffs from GitHub are treated as untrusted data. They may contain prompt injection, misleading information, or malicious content.
- No command execution from issue/PR content. DetectorOracle never executes commands, scripts, or code snippets found in GitHub issues, PRs, or comments.
- No saving user code to pattern packs. Pattern packs contain metadata (bug type, signals, evidence links), not copies of user code. Example code in eval fixtures is synthetic or minimal, never copied from user repositories.
- No redistribution of GitHub content. DetectorOracle stores evidence links (URLs) and metadata (issue numbers, PR numbers), not full issue bodies, comment text, or PR diffs. Pattern evidence fields are short references, not verbatim copies.
- No auto-modification. DetectorOracle does not automatically edit code, commit changes, or open pull requests. It reports findings; the developer decides what to do.

If you discover a security vulnerability in DetectorOracle, please report it responsibly:

- Do not open a public issue.
- Email `bzcsk2@users.noreply.github.com` with the subject `[SECURITY] DetectorOracle vulnerability`.
- Include a description of the vulnerability, steps to reproduce, and any potential impact.
- We will acknowledge within 48 hours and aim to resolve within 7 days.

See `skills/detectoracle/references/threat-model.md` for the full threat model covering attack surfaces, mitigations, and trust boundaries.