is:issue state:open
Search results
[ASI02] cli_execute workDir path confinement — reads escape to /etc/passwd (GAP-PATH)
Labels: asi02 (OWASP ASI02); asi05 (OWASP ASI05); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #235 in initializ/forge

[ASI05] Dependency-lockfile-poisoning guard (low) — close ASI05 residual
Labels: asi05 (OWASP ASI05); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #234 in initializ/forge

[ASI08] Blast-radius quotas + circuit breaker (planner/executor) — close ASI08 #7
Labels: asi08 (OWASP ASI08); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #233 in initializ/forge

[ASI03] Task-scoped short-lived tokens per invocation — close ASI03 #1
Labels: asi03 (OWASP ASI03); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); platform (Initializ Platform (governance control plane) responsibility); security (Security vulnerability fixes)
Status: Open. #232 in initializ/forge

[ASI02] MCP tool-name pinning / typosquat-resistant resolution — close ASI02 #7
Labels: asi02 (OWASP ASI02); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #231 in initializ/forge

[ASI10/ASI08/ASI09] Continuous behavioral-integrity check vs declared manifest + attestation — close ASI10 #5,#6
Labels: asi08 (OWASP ASI08); asi09 (OWASP ASI09); asi10 (OWASP ASI10); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); platform (Initializ Platform (governance control plane) responsibility); security (Security vulnerability fixes)
Status: Open. #230 in initializ/forge

[ASI01] Runtime intent validation gate + signed intent capsule — close ASI01 #4,#5
Labels: asi01 (OWASP ASI01); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #229 in initializ/forge

[ASI04] Remote-skill signature verification (fail-closed) — close ASI04 #1/#2 remote tier
Labels: asi04 (OWASP ASI04); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #228 in initializ/forge

[ASI04] SBOM/AIBOM emission + supply-chain kill switch — close ASI04 #1(BOM),#8
Labels: asi04 (OWASP ASI04); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #227 in initializ/forge

[ASI07] Inter-agent message signing + anti-replay + fail-closed schema — close ASI07 #2,#3,#9
Labels: asi07 (OWASP ASI07); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #226 in initializ/forge

[ASI06] Memory write validation + provenance + no self-reingestion + trust decay — close ASI06 #2,#5,#6,#7,#8,#9
Labels: asi06 (OWASP ASI06); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #225 in initializ/forge

[ASI08/ASI09/ASI10] Tamper-evident (hash-chained + signed) audit stream — close ASI10 #1 / ASI09 #2 / ASI08 #10
Labels: asi08 (OWASP ASI08); asi09 (OWASP ASI09); asi10 (OWASP ASI10); forge-core (Affects the forge-core library (runtime, security, types, llm, mcp, auth)); owasp-asi (OWASP Top 10 for Agentic Applications 2026 conformance); security (Security vulnerability fixes)
Status: Open. #224 in initializ/forge