Please do not report security vulnerabilities via public GitHub issues.
Open a GitHub Security Advisory — this keeps the report private and visible only to maintainers.
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

We will acknowledge your report within 48 hours and aim to resolve critical issues within 7 days.

Security issues in scope:
- `entrypoint.py`: command injection, path traversal, token leakage
- `action.yml`: unsafe use of inputs in shell steps
- Dependency vulnerabilities in `synapsekit` itself (report to the main repo)

| Version | Supported |
|---|---|
| v1 (latest) | ✅ |