{"advisories":[{"id":"AGENTSCORE-2026-0001","package":"@agenttrust/mcp-server","old_version":"1.1.1","new_version":"1.2.0","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: agenttrust","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@agenttrust/mcp-server updated from 1.1.1 to 1.2.0. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-04-09T21:28:10.265+00:00","published_at":"2026-04-09T21:28:10.349909+00:00"}],"total":1,"feed_url":"https://agentscores.xyz/security/advisories/rss.xml"}