If you discover a security vulnerability in Loom, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainer directly or use GitHub's private vulnerability reporting feature.

1. Go to the Security tab of this repository
2. Click "Report a vulnerability"
3. Provide details about the vulnerability

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 1 week
• Resolution: Depends on severity and complexity

When using Loom, follow these security guidelines:

1. API Keys: Never commit API keys to source control. Use Named Credentials.
2. Permissions: Follow least-privilege principles when assigning agent permissions.
3. Approval Workflows: Enable approval for capabilities that modify data.
4. Audit Logs: Regularly review execution step records for anomalies.
5. Data Privacy: Be aware that user inputs are sent to external AI providers.

For detailed security configuration, see the Security Guide in our documentation.