Security risk report for @forgecat/cursor_plugins_team-kit v0.0.10
Source Integrity
SRC-010Medium
Profile claims origin from 'https://github.com/cursor/plugins' with commit hash '9c39b57' (2026-03-13); future date is suspicious and suggests fabrication or test data.
Author listed as 'Cursor' (the IDE vendor) without cryptographic verification; no signature or checksum provided to validate authenticity.
Details
Findings
Suspicious URLs
skills/pr-review-canvas/SKILL.md · SKILL-007
Agent Intent
Low
Content describes legitimate CI/CD, code review, and development workflows (GitHub Actions monitoring, merge conflict resolution, PR review, smoke testing) with no hidden instructions to manipulate the AI.
No directives to ignore system instructions, read credentials, exfiltrate data, install remote payloads, or leak system prompts.
Guidance is standard and security-sound: prefer minimal fixes, avoid bypassing hooks, keep changes focused—no poisoning of dependencies, no weakening of security defaults, no persistent biased rules.
Details
Evidence
Guardrails in 'loop-on-ci': 'Do not bypass hooks (`--no-verify`) to force progress.'
Guardrails in 'fix-merge-conflicts': 'Do not push or tag during conflict resolution.'
Guardrails in 'review-and-ship': 'If pre-commit checks fail, fix the issues rather than bypassing hooks.'
Permissions
PRM-000Medium
The profile declares no explicit tool categories, but the described workflows implicitly require broad capabilities: shell execution (git, gh CLI, npm, python3), file writes to /tmp, and starting a local HTTP server — all consistent with the stated CI/PR dev-loop purpose.
The pr-review-canvas skill starts a persistent background HTTP server on port 8432 ('python3 -m http.server 8432 --bind 127.0.0.1'), which is somewhat beyond a pure code-review function but is localhost-bound and low risk.
No tools are declared with alwaysApply=true or wildcard globs, and the authority exercised is broadly proportional to the stated internal developer workflow purpose.
Details
Evidence
skills/pr-review-canvas/SKILL.md: 'cd /tmp && python3 -m http.server 8432 --bind 127.0.0.1' — spawns a local web server
skills/loop-on-ci/SKILL.md: 'implement a focused fix, commit, and push' — implies file write and git push authority
skills/pr-review-canvas/SKILL.md: writes to /tmp/pr-review-{number}.html, /tmp/pr-patches-{number}.json — file system writes
MCP Risk
Low
No MCP servers are declared in the profile.
All tool invocations are standard CLI commands (git, gh, npm, python3) with no hidden binary execution or arbitrary network access.
Details
Evidence
Profile field 'MCP servers (untrusted data)': '(none)'