Security
roleplay.sh, operated by MARAM TECH VENTURES LTD, tests whether AI agents can be manipulated into violating policy, trust boundaries, or tool-use rules.
Data Handling
Use sanitized uploads for Team Cloud. Treat local transcripts, hidden context, tool outputs, and generated reports as sensitive.
API Keys
Production API keys should be stored hashed at rest, shown only once, scoped to projects, and rotated when exposed.
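The storage pattern above, as an added illustration that is not roleplay.sh's own code: keys are generated with a CSPRNG, returned to the caller exactly once, persisted only as a SHA-256 digest, bound to a project, and replaced through a rotate step that revokes the old key. The `rp_` prefix, the key-id/secret layout and the in-memory store are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

KEY_PREFIX = "rp_"  # hypothetical prefix; lets a scanner recognise leaked keys


@dataclass
class StoredKey:
    key_id: str      # public lookup handle, safe to log
    project_id: str  # scope: the key is valid for this project only
    digest: str      # sha256 of the full plaintext key; the secret itself is never stored
    revoked: bool = False


class ApiKeyStore:
    """In-memory stand-in for the production table (example only)."""

    def __init__(self):
        self._keys = {}

    @staticmethod
    def _hash(plaintext: str) -> str:
        # A plain fast hash is adequate here because the secret part has
        # 256 bits of entropy; slow password hashes are for low-entropy input.
        return hashlib.sha256(plaintext.encode()).hexdigest()

    def issue(self, project_id: str) -> str:
        """Create a key for a project and return the plaintext exactly once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        plaintext = f"{KEY_PREFIX}{key_id}.{secret}"
        self._keys[key_id] = StoredKey(key_id, project_id, self._hash(plaintext))
        return plaintext  # caller must show/save it now; it cannot be retrieved later

    def verify(self, plaintext: str, project_id: str) -> bool:
        """Check a presented key against the stored digest and project scope."""
        if not plaintext.startswith(KEY_PREFIX) or "." not in plaintext:
            return False
        key_id = plaintext[len(KEY_PREFIX):].split(".", 1)[0]
        rec = self._keys.get(key_id)
        if rec is None or rec.revoked or rec.project_id != project_id:
            return False
        # constant-time comparison of digests avoids timing side channels
        return hmac.compare_digest(rec.digest, self._hash(plaintext))

    def rotate(self, plaintext: str, project_id: str):
        """Revoke a (possibly exposed) key and issue a replacement in one step.

        Returns the new plaintext key, or None if the old key was not valid."""
        if not self.verify(plaintext, project_id):
            return None
        key_id = plaintext[len(KEY_PREFIX):].split(".", 1)[0]
        self._keys[key_id].revoked = True
        return self.issue(project_id)

    def record(self, key_id: str):
        """What an operator or a database dump would see: no secret material."""
        return self._keys.get(key_id)
```

Because only the digest is stored, a leaked database copy does not yield usable keys; because the key is bound to a project id at verification time, a key from one project cannot be replayed against another.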
CLI Target Execution
CLI targets can execute local commands. Review scenario files before running them and use explicit approval flags for automated command execution.
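One way to build the review-then-approve gate described above, as an added example that is not roleplay.sh's own runner: a dry run prints the exact argv lists a scenario would execute together with a digest of the scenario, and execution is refused unless that same digest is passed back as the approval token, so an edit made after review invalidates the approval. The scenario format, the `--approve <digest>` flag and the sample commands are constructed for this example.

```python
import hashlib
import json
import subprocess
import sys

# Constructed sample scenario (hypothetical format). Commands are argv lists,
# never shell strings, so nothing is re-parsed by a shell at execution time.
SCENARIO = {
    "name": "demo",
    "commands": [
        ["echo", "step one"],
        ["echo", "step two"],
    ],
}


def scenario_digest(scenario: dict) -> str:
    """Stable digest of the scenario content; changes if any command changes."""
    canonical = json.dumps(scenario, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def review(scenario: dict):
    """Dry run: return the commands that would run and the digest to approve."""
    cmds = []
    for argv in scenario.get("commands", []):
        if not isinstance(argv, list) or not argv or not all(isinstance(a, str) for a in argv):
            raise ValueError("each command must be a non-empty argv list, not a shell string")
        cmds.append(list(argv))
    return cmds, scenario_digest(scenario)


def run(scenario: dict, approved_digest=None, timeout: int = 30):
    """Execute the scenario only when an explicit, matching approval is supplied."""
    cmds, digest = review(scenario)
    if approved_digest is None:
        raise PermissionError("refusing to execute: no approval given (pass --approve <digest>)")
    if approved_digest != digest:
        raise PermissionError("refusing to execute: scenario changed since it was reviewed")
    results = []
    for argv in cmds:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, shell=False)
        results.append((argv, proc.returncode, proc.stdout))
    return results


if __name__ == "__main__":
    # usage: python gate.py            -> dry run, prints commands and digest
    #        python gate.py --approve <digest> -> executes the reviewed scenario
    cmds, digest = review(SCENARIO)
    if len(sys.argv) == 3 and sys.argv[1] == "--approve":
        for argv, rc, out in run(SCENARIO, sys.argv[2]):
            print(f"[{rc}] {argv}: {out.strip()}")
    else:
        for argv in cmds:
            print("would run:", argv)
        print("approve with: --approve", digest)
```

The digest doubles as an audit record: logging which digest was approved, by whom, ties every automated execution back to a scenario whose contents were actually reviewed.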
Reporting Issues
Report security issues privately through a GitHub security advisory or support@roleplay.sh. Do not include real secrets or customer data in public issues.