Nothing broke, so I never looked.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
The Python SDK serialises gen_ai.tool.definitions as one JSON string covering the whole tools array instead of an array of per-tool JSON strings. The Aspire dashboard's GenAI panel's Tools tab then ...