TinyAgents is an agent orchestration framework. Security-sensitive areas include tool execution, model-generated workflow source, registry binding, policy checks, sandbox boundaries, prompt and context handling, stores, and credentials passed through runtime context.
Report concerns to contact@tinyhumans.ai.
TinyAgents is pre-1.0. Security fixes target the main branch until the project
starts maintaining release branches.
Please do not open a public issue for a suspected vulnerability.
Report security concerns by emailing security@tinyhumans.ai with:
- a description of the issue
- affected versions or commits
- reproduction steps or proof of concept
- impact assessment
- any suggested fix or mitigation
We will acknowledge reports as quickly as practical and coordinate disclosure before publishing details.
Examples of in-scope issues:
- generated
.ragor.ragshsource bypassing registry or policy checks - unintended tool, model, store, or filesystem access
- unsafe handling of credentials or secrets
- prompt/context leakage across runs, forks, or sub-agents
- checkpoint, cache, or store isolation failures
- dependency vulnerabilities with a practical exploit path in TinyAgents
Examples generally out of scope:
- model hallucination or low-quality model output by itself
- unsafe workflows caused by intentionally granting a tool broad authority
- vulnerabilities in downstream applications that use TinyAgents incorrectly
TinyAgents should treat generated workflow source as untrusted. Declarative workflow input should be parsed, resolved, bound to registries, checked against policy, and compiled before execution. Runtime code should not install model-generated topology directly.