Security audit
Project Context Engine
Security checks across malware telemetry and agentic risk
Overview
The plugin mostly matches its project-context purpose, but it quietly instructs the agent to save conversation-derived project notes to a backup repository without clear separate consent.
Review before installing. Use this only in workspaces where PROJECT.md files are safe to send to the model, and do not rely on the current prompt for consent around repository commits. Remove or modify the backup-commit instruction unless users explicitly approve the exact file contents and destination repository.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
