agentic-sdlc-intake-attack

Artifact Handling Policy

This is a defensive incident-response repository, not a malware-sample distribution repository.

Do Not Publish

Publishable Evidence

Use derived, non-executable, publication-safe material:

Private Retention

If an artifact must be retained privately:

Agent Handling Rule

Do not let agents auto-open, auto-extract, auto-preview, auto-import, auto-build, or auto-execute suspicious artifacts. Agents may record provenance, compute hashes, list archive entries, inspect magic bytes, and extract strings when the operation is static and does not execute the artifact.

Fixture Rule

Fixtures in this repository must be fake, inert, and clearly labeled. Do not replace fixtures with captured payloads.