# Security

Yagi is currently a non-custodial protocol, however, keepers do require permissionless access to the task interface on a contract. Therefore, it is up to the task author to only use Yagi for non-exploitable actions such as rebalancing, harvesting, filling limit orders, etc.

{% hint style="info" %}
Do not create external functions on your smart contract that could be exploited by malicious external actors
{% endhint %}