mox-email-server
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Mox email server binary from an external third-party build service at https://beta.gobuilds.org/github.com/mjl-/mox@latest/linux-amd64-latest/dl.
- [REMOTE_CODE_EXECUTION]: Executes the downloaded binary from an external source with user-specific permissions to initialize the server configuration and run the mail service.
- [COMMAND_EXECUTION]: Employs sudo for high-privilege operations including creating system users, modifying firewall rules (ufw), managing systemd services, and editing system configuration files in /etc/.
- [COMMAND_EXECUTION]: Installs local shell scripts and systemd unit files to automate certificate synchronization and ensure persistence across system reboots.
- [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface by processing external data from DNS lookups (dig) and system logs (journalctl) without explicit sanitization; while the risk is low, these ingestion points could theoretically be exploited to influence agent behavior.
Audit Metadata