Skip to content

Security

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in AgentKitMarket or any AgentKitProject service, please report it responsibly by emailing hello@agentkit-project.com with the subject "Security Vulnerability Report". Please do not publicly disclose vulnerabilities before we have had a chance to investigate and address them.

Responsible Disclosure Policy

We ask that security researchers:

  • Report vulnerabilities privately before public disclosure.
  • Allow reasonable time to investigate and remediate (typically 90 days).
  • Do not access, modify, or delete user data beyond what is necessary to demonstrate the vulnerability.
  • Do not perform denial-of-service attacks or social engineering against our team or users.

We will acknowledge receipt of your report within 3 business days and keep you informed of our progress. We will not take legal action against researchers who follow this policy in good faith.

Scope

In scope: market.agentkitproject.com, forge.agentkitproject.com, profile.agentkitproject.com, forge.agentkitproject.com, and associated APIs.

Out of scope: third-party services (WorkOS, Stripe, AWS), social engineering, physical attacks.

security.txt

Our security contact information is available at /.well-known/security.txt.

Last updated: June 2026.

Security — AgentKitMarket