AGENTSCORE-2026-0008: `idea-manager` risk change detected

#security #mcp #npm #supplychain

idea-manager updated from 2.4.5 to 2.5.2. Score changed 80/100 to 60/100 (-20). Risk: MODERATE to ELEVATED. 4 findings.

Package

[LOW] install_script: Package has 'postinstall' script: node bin/postinstall.js
[MEDIUM] excessive_dependencies: Package has 26 runtime dependencies (high attack surface)
[HIGH] command_injection: Potential command injection: shell execution with template literal input
[LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: navskh

Verdict API: curl https://agentscores.xyz/api/verdict?npm=idea-manager

Auto-published by AgentScore MCP security monitoring.