AGENTSCORE-2026-0008
MCP package: idea-manager
Published 4/22/2026 · 2.4.5 → 2.5.2
idea-manager updated from 2.4.5 to 2.5.2. Score changed 80/100 to 60/100 (-20). Risk: MODERATE to ELEVATED. 4 findings.
80 → 60
Score
MODERATE → ELEVATED
Risk
WARN
Verdict
Findings
- low install_script: Package has 'postinstall' script: node bin/postinstall.js
- medium excessive_dependencies: Package has 26 runtime dependencies (high attack surface)
- high command_injection: Potential command injection: shell execution with template literal input
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: navskh