vox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required bootstrap step (scripts/bootstrap.sh) downloads and executes the Homebrew install script via curl from https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh and its package install logic (resolve_package_spec / VOX_CLI_GIT_URL and uv tool install) can pull arbitrary remote packages, meaning untrusted public content is fetched and executed as part of the mandatory workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). scripts/bootstrap.sh explicitly runs /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" at runtime (fetching and executing remote code), and the installer also accepts a VOX_CLI_GIT_URL (installed as git+ via uv) which can fetch and execute remote repository code—both are runtime actions that execute remote code.