ide-im
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages a background daemon using complex shell and PowerShell scripts. It installs persistence mechanisms, including macOS LaunchAgents and Windows Services, to ensure the bridge process runs automatically across system restarts and user sessions.
- [EXTERNAL_DOWNLOADS]: During setup and execution, the skill fetches the Cursor CLI from its official domain (cursor.com) and installs Node.js dependencies from the NPM registry and a public GitHub repository. These downloads are documented for functionality but involve executing remote scripts locally.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external messaging platforms (Telegram, Discord, Feishu, and QQ). This creates an attack surface for indirect prompt injection, where malicious instructions sent via chat could influence the AI agent's behavior, particularly since the agent is granted capabilities like file system access and shell command execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://cursor.com/install - DO NOT USE without thorough review
Audit Metadata