Please report vulnerabilities privately via GitHub Security Advisories ("Report a vulnerability"). Do not open a public issue for security problems.
You can expect an initial response within a few days. Fixes ship as a patch release as soon as they are verified.
Only the latest release receives security fixes. ax is pre-1.0; always install or upgrade to the newest version:
curl -fsSL https://ax.yusuke.run/install | sh # verifies SHA-256
brew upgrade ax- ax fetches untrusted web content by design. Guardrails (download caps,
timeouts, terminal-escape stripping, cache permissions) are documented in
the README and
--help; bypasses of those guardrails are in scope. - Prompt-injection resistance rules for agents are part of the shipped
skill (
skills/ax/SKILL.md) — gaps there are welcome reports too.