AgentGo is a text protocol: the deliverable is AGENTS.md itself. A "vulnerability" here is usually a protocol-level weakness — wording that lets untrusted content gain instruction authority (prompt-injection laundering), permission rules that contradict each other, or unsafe defaults in the documented install/update flows.
- For protocol weaknesses, ambiguities, or unsafe defaults that carry no immediate exploitation risk, open a regular GitHub issue.
- For anything you would not want public before a fix lands (for example a realistic injection chain against downstream users), use GitHub private vulnerability reporting.
Please cite the exact file and line plus a concrete misuse scenario. Expect an initial response within a week.
- The protocol's trust tiers are best-effort heuristics, not a guaranteed boundary —
AGENTS.mdstates this explicitly. A report that text rules cannot stop prompt injection in general is already acknowledged; what helps is a specific wording flaw with a suggested fix direction. - Runtime enforcement (permissions, sandboxing, network controls) belongs to the agent tools themselves; please report tool bugs upstream to the respective projects.
- The supported version is the latest release tag. Pinned older installs should update via the flow described in the README FAQ.