AGENTSCORE-2026-0006: `vexp-cli` risk change detected

vexp-cli updated from 2.0.11 to 2.0.12. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.

Package

• Name: vexp-cli
• Version: 2.0.11 to 2.0.12
• Score: 85/100 to 65/100
• Risk: LOW to ELEVATED

Findings

• [MEDIUM] no_repository: Package has no repository link — source code is not verifiable
• [HIGH] command_injection: Potential command injection: shell execution with template literal input
• [LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: vexp

---

Full advisory: AGENTSCORE-2026-0006

Verdict API: curl https://agentscores.xyz/api/verdict?npm=vexp-cli

Auto-published by AgentScore MCP security monitoring.