If you discover a security vulnerability in @amigo-ai/forge-tools, report it responsibly.
Email: security@amigo.ai
Please include:
- A description of the issue
- Steps to reproduce it
- The package version you are using
- Any potential impact you have identified
- Acknowledgment within 48 hours
- Initial assessment within 5 business days
- Resolution target within 90 days of confirmed vulnerabilities
This policy covers the @amigo-ai/forge-tools npm package and repository. For vulnerabilities in the Amigo API or platform itself, contact security@amigo.ai.
We follow coordinated disclosure. Do not publicly disclose vulnerabilities until we have issued a fix and confirmed it is safe to do so.