Security risk report for @forgecat/cursor_plugins_continual-learning v0.0.6
Source Integrity
Low
Profile claims origin from cursor/plugins repository with commit hash and MIT license; metadata is consistent and verifiable.
No suspicious or obfuscated source indicators detected.
Agent Intent
Low
Profile describes a legitimate memory-management workflow: reading transcripts, extracting durable preferences/facts, and updating a local AGENTS.md file.
No instructions to exfiltrate data, read credentials, reveal system prompts, or execute remote payloads.
Guardrails explicitly forbid secrets, private data, and transient details; the intent is to filter and retain only reusable workspace knowledge.
Details
Evidence
Workflow step 4: 'Pull out only durable, reusable items: recurring user preferences or corrections, stable workspace facts'.
Guardrails: 'Exclude secrets, private data, one-off instructions, and transient details.'
Permissions
PRM-003Medium
The profile declares no tools, but the stop hook (`./hooks/continual-learning-stop.ts`) implies file-read and file-write operations at hook runtime, which are medium-to-high risk capabilities not fully disclosed in the tool manifest.
The subagent (`agents-memory-updater`) is granted authority to read arbitrary transcript files under the user's home directory and write to `AGENTS.md`, which is broader than a narrow orchestration role.
The `disable-model-invocation: true` flag on the skill limits direct model calls, which is a positive constraint, but the delegated subagent still has significant file access authority.