Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
GitHub

[Feature] Unified Registry — Skill & MCP discovery via Engram

Use Engram as a semantic registry for skills and MCP servers, replacing the current approach of loading all skill descriptions and MCP tool definitions into the context window at startup. Instead, a ...