AGENTSCORE-2026-0062
MCP package: squish-memory
Published 6/10/2026 · 1.2.0 → 1.6.0
squish-memory updated from 1.2.0 to 1.6.0. Score changed 90/100 to 65/100 (-25). Risk: LOW to ELEVATED. 3 findings.
90 → 65
Score
LOW → ELEVATED
Risk
WARN
Verdict
Findings
- medium excessive_dependencies: Package has 21 runtime dependencies (high attack surface)
- high command_injection: Potential command injection: shell execution with template literal input
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: michielhdoteth