AGENTSCORE-2026-0006
MCP package: vexp-cli
Published 4/18/2026 · 2.0.11 → 2.0.12
vexp-cli updated from 2.0.11 to 2.0.12. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.
85 → 65
Score
LOW → ELEVATED
Risk
WARN
Verdict
Findings
- medium no_repository: Package has no repository link — source code is not verifiable
- high command_injection: Potential command injection: shell execution with template literal input
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: vexp