VDB

MAL-2026-4794

Malicious code in indextts-cli (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (fc206ef48bfccaec8e81aac2b666e2d54a4a027e8432cc1d08d3823cf333caca)

setup.py executes `git clone --depth 1 --branch dev-3.12 https://github.com/gabry-lab/index-tts` during the build_py / egg_info / sdist / bdist_wheel lifecycle and copies the cloned tree into `src/indextts`. That tree is then packaged into the wheel and is imported, and therefore executed, on every machine that installs and uses the package.

The branch reference (`dev-3.12`) is mutable: no commit SHA is pinned, so whoever controls the `gabry-lab/index-tts` repository can change the bundled Python code at any time without republishing on PyPI. The clone source is also a personal-user fork rather than the upstream `index-tts/index-tts` organization repository that README.md and PKG-INFO advertise as the source of the vendored code.

The combination of (a) an install-time fetch of executable Python source, (b) a mutable branch ref with no integrity verification, and (c) a publisher mismatch between the documented upstream and the repository actually fetched is the canonical install-time remote-code-execution shape: the bytes that end up running on the installer's machine are determined by future commits to a third-party-controlled branch, not by the version published to PyPI.


Affected packages

PyPI / indextts-cli

No fixed version published yet for indextts-cli (pip). Pin to a known-safe version or switch to an alternative.
