Skills
skills/migokg/plugin-store/relay/Gen Agent Trust Hub

relay

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The Cargo.lock file exhibits a poisoned dependency graph characteristic of a supply chain attack. Standard libraries serde and serde_json have been modified to include non-standard dependencies (serde_core and zmij) that do not exist in official releases for those versions.
  • [REMOTE_CODE_EXECUTION]: The project uses suspicious version numbers for well-known crates that do not match current official versions (e.g., serde at 1.0.228, tokio at 1.51.0, and getrandom at 0.4.2), indicating a dependency substitution attack.
  • [REMOTE_CODE_EXECUTION]: The addition of the zmij crate as a dependency of serde_json is a major red flag, as zmij (meaning 'viper' in Polish) is not a part of the standard Serde ecosystem and its inclusion suggests the insertion of a malicious payload.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 9, 2026, 05:45 AM