cursor-insights
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local scanning script (scripts/scan.ts) using the bun runtime via npx. This script is responsible for discovering and parsing Cursor session transcripts stored in the user's home directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes historical conversation logs that could contain instructions from previous interactions.
  - Ingestion points: The script scripts/scan.ts reads historical transcripts (.jsonl files) from the user's local Cursor project directory.
  - Boundary markers: The prompts in SKILL.md use basic descriptive labels (e.g., '会话记录内容:') but do not implement high-entropy delimiters or specific instructions to the model to ignore directives embedded within the ingested logs.
  - Capability inventory: The skill can execute local scripts, read application data in the home directory, and write HTML reports to the local filesystem.
  - Sanitization: Conversation transcripts are processed without sanitization or filtering of potentially malicious instructions embedded in the historical text.
Audit Metadata