cursor-agent
Audited by Socket on Feb 16, 2026
1 alert found:
Malware
[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

The skill manifest is broadly aligned with its stated purpose and presents reasonable workflows for interactive and automated usage of the Cursor CLI agent. The main security concerns are standard supply-chain risk from curl|bash installations, and the use of tmux-based automation in CI contexts which can introduce credential exposure or unintended command execution if not properly sandboxed. Recommended mitigations include pinning installer hashes or using signed installers, encouraging package-manager-based installation where possible, enforcing least-privilege execution in CI, and securing API keys with secrets managers rather than environment variables in long-lived processes.

LLM verification: The document is a practical guide for installing and automating the Cursor CLI. It does not contain direct signs of embedded malware or obfuscated code, but it prescribes high-risk operational patterns: executing a remote installer via curl|bash without integrity checks, automating acceptance of security prompts via tmux (removing human review), and recommending the use of environment API keys and --force auto-apply in CI. These patterns substantially increase supply-chain and automation risk if