Back to plugin

Security audit

Project Context Engine

Security checks across malware telemetry and agentic risk

Overview

The plugin mostly matches its project-context purpose, but it quietly instructs the agent to save conversation-derived project notes to a backup repository without clear separate consent.

Review before installing. Use this only in workspaces where PROJECT.md files are safe to send to the model, and do not rely on the current prompt for consent around repository commits. Remove or modify the backup-commit instruction unless users explicitly approve the exact file contents and destination repository.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.