Cargo · crates.io

vex-mcp

Llm Injection Payload: AI-agent-directed instruction adjacent to credential exfil — prompt-injection payload (Shai-Hulud / SANDWORM_MODE). imperative="Ignore previous instructions" target=".ssh/id_rsa"

Why PkgRadar flagged 0.1.5

Severity	Signal	Evidence
high	Llm Injection Payload	AI-agent-directed instruction adjacent to credential exfil — prompt-injection payload (Shai-Hulud / SANDWORM_MODE). imperative="Ignore previous instructions" target=".ssh/id_rsa" · vex-mcp-0.1.5/src/detect/poisoning.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.5`	High risk	45	2026-06-20
`0.1.4`	High risk	45	2026-06-20
`0.1.3`	High risk	45	2026-06-20
`0.1.2`	High risk	45	2026-06-20
`0.1.1`	High risk	45	2026-06-20
`0.2.1`	High risk	60	2026-06-20
`0.2.0`	High risk	60	2026-06-20

Block this in CI

PkgRadar gates vex-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]

Start free — 25 scans / mo View full evidence