DEV Community

Michael Kayode Onyekwere
Michael Kayode Onyekwere

Posted on

AGENTSCORE-2026-0019: `@cg3/prior-mcp` risk change detected

#security #supplychain #mcp #npm

@cg3/prior-mcp updated from 0.6.4 to 0.7.0. Score changed 100/100 to 75/100 (-25). Risk: LOW to MODERATE. 2 findings.

Package

  • Name: @cg3/prior-mcp
  • Version: 0.6.4 to 0.7.0
  • Score: 100/100 to 75/100
  • Risk: LOW to MODERATE

Findings

  • [HIGH] command_injection: Potential command injection: shell execution with template literal input
  • [LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: cg3llc

Full advisory: AGENTSCORE-2026-0019

Verdict API: curl https://agentscores.xyz/api/verdict?npm=%40cg3%2Fprior-mcp

Auto-published by AgentScore MCP security monitoring.

Top comments (0)