Security
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in AgentKitMarket or any AgentKitProject service, please report it responsibly by emailing hello@agentkit-project.com with the subject "Security Vulnerability Report". Please do not publicly disclose vulnerabilities before we have had a chance to investigate and address them.
Responsible Disclosure Policy
We ask that security researchers:
- Report vulnerabilities privately before public disclosure.
- Allow reasonable time to investigate and remediate (typically 90 days).
- Do not access, modify, or delete user data beyond what is necessary to demonstrate the vulnerability.
- Do not perform denial-of-service attacks or social engineering against our team or users.
We will acknowledge receipt of your report within 3 business days and keep you informed of our progress. We will not take legal action against researchers who follow this policy in good faith.
Scope
In scope: market.agentkitproject.com, forge.agentkitproject.com, profile.agentkitproject.com, forge.agentkitproject.com, and associated APIs.
Out of scope: third-party services (WorkOS, Stripe, AWS), social engineering, physical attacks.
security.txt
Our security contact information is available at /.well-known/security.txt.
Last updated: June 2026.