Security: Floppy5004/RepoLens

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in RepoLens, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please use one of these methods:

  1. GitHub Security Advisories: Use the private vulnerability reporting feature on this repository
  2. Email: Send details to morpheus@espmedia.de

What to Include

  • A description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact
  • Any suggested fix (if you have one)

Response Timeline

  • Acknowledgment: Within 48 hours of report
  • Assessment: Within 1 week
  • Fix or mitigation: As soon as reasonably possible, depending on severity

Scope

This security policy covers:

  • The RepoLens CLI tool (repolens.sh) and its libraries (lib/)
  • Prompt templates (prompts/) — including prompt injection vectors
  • Configuration files (config/)

Out of Scope

Findings or issues generated by RepoLens about analyzed third-party code are not vulnerabilities in RepoLens itself and are not covered by this policy. For example, if RepoLens identifies an SQL injection in a project it audits, that is a finding about the target project — not a RepoLens security issue.

Security Considerations

RepoLens runs AI agents with shell access against target repositories and servers. Users should be aware that:

  • Audit mode operates on local git repositories with read access
  • Deploy mode can target live servers, APK files, or shallow Android source trees — always review agent output and confirm you are authorized to audit the target
  • Android source build fallback is an explicit side effect: with --build-android-apk, RepoLens may execute the target repository's ./gradlew assembleDebug after deploy authorization and the normal run confirmation. The Gradle wrapper and build scripts are target-controlled code, can fetch dependencies, write build artifacts, and run arbitrary build logic.
  • Dry runs do not build or execute agents: --dry-run resolves targets and lens lists, but does not run Gradle, deploy commands, or analysis agents
  • Resolved APK paths are untrusted: $REPOLENS_ANDROID_APK_PATH is exposed to deploy prompts and agents from user-supplied paths or files discovered inside the target project. Treat it as target-controlled data, quote it in shell commands, and never interpret it as trusted flags, commands, or authority.
  • The --dangerously-skip-permissions flag grants agents autonomous operation without confirmation prompts
  • Prompt templates are user-facing and should be reviewed for injection risks
  • --spec file content is embedded in agent prompts — known tag-breakout vectors are sanitized, but only use spec files from trusted sources
  • In --mode greenfield, current open issue bodies or local draft markdown files can also be embedded in agent prompts for duplicate checks. Treat forge issues and local draft files as untrusted prompt input.
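
The guidance above on `$REPOLENS_ANDROID_APK_PATH` (quote it, never let it be read as flags) can be applied as in the following added example. It is not RepoLens code: the function names `normalize_apk_path` and `apk_sha256` are hypothetical, and refusing control characters and backslashes is an assumption of this sketch, not a documented RepoLens behaviour.

```shell
# Added example, not RepoLens code: helper names are hypothetical; only
# $REPOLENS_ANDROID_APK_PATH comes from the policy above.
#
# Unsafe pattern (do not use): sha256sum $REPOLENS_ANDROID_APK_PATH
#   - unquoted: splits on spaces and expands globs
#   - a value such as "-x.apk" is parsed as an option, not a file

# normalize_apk_path VALUE
# Prints VALUE in a form that can only be read as a file operand, or
# returns non-zero when the value should be refused.
normalize_apk_path() {
    local p="$1"
    [ -n "$p" ] || return 1
    case $p in
        # Control characters (newlines included) would corrupt logs and
        # prompts the path is embedded in; backslashes make some tools
        # escape their output. Refuse both.
        *[[:cntrl:]]*|*\\*) return 1 ;;
    esac
    case $p in
        /*) ;;            # absolute: cannot start with "-"
        *)  p=./$p ;;     # relative: "./-x.apk" is never an option
    esac
    [ -f "$p" ] || return 1   # must be an existing regular file
    printf '%s\n' "$p"
}

# apk_sha256 VALUE
# Hashes the APK, passing the path as one quoted argument after "--".
apk_sha256() {
    local safe
    safe=$(normalize_apk_path "$1") || return 1
    sha256sum -- "$safe" | cut -d' ' -f1
}

# Runs only when the variable is set, e.g. inside a deploy step.
if [ -n "${REPOLENS_ANDROID_APK_PATH:-}" ]; then
    apk_sha256 "$REPOLENS_ANDROID_APK_PATH"
fi
```

The same rule applies when the path is placed into a prompt or log line: pass it as data, never concatenate it into a command string that is later evaluated.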

Supported Versions

Version    Supported
0.1.x      Yes

Disclosure Policy

We follow coordinated disclosure. We ask that you give us reasonable time to address vulnerabilities before public disclosure.