#+HashtagPLUS
In

Menu

Post image 1
Post image 2
1 / 2
0

AGENTSCORE-2026-0019: `@cg3/prior-mcp` risk change detected

DEV Community·Michael Kayode Onyekwere·about 1 month ago
#ROA601hP
#security#mcp#npm#supplychain#published#prior
Reading 0:00
15s threshold

Michael Kayode Onyekwere

@cg3/prior-mcp updated from 0.6.4 to 0.7.0. Score changed 100/100 to 75/100 (-25). Risk: LOW to MODERATE. 2 findings.

Package

  • Name: @cg3/prior-mcp
  • Version: 0.6.4 to 0.7.0
  • Score: 100/100 to 75/100
  • Risk: LOW to MODERATE

Findings

  • [HIGH] command_injection: Potential command injection: shell execution with template literal input
  • [LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: cg3llc

Full advisory: AGENTSCORE-2026-0019

Verdict API: curl https://agentscores.xyz/api/verdict?npm=%40cg3%2Fprior-mcp

Auto-published by AgentScore MCP security monitoring.

Read More