cursor-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as documentation for the official
@cursor/sdklibrary and vendor-owned domains (cursor.com), which are legitimate resources. - [SAFE]: Coding examples promote security best practices, such as utilizing environment variables for credentials and implementing proper resource disposal using
Symbol.asyncDispose. - [SAFE]: Remote code execution patterns involve fetching standard Model Context Protocol (MCP) servers via the official NPM registry, which is a well-known service and consistent with the tool's intended purpose.
- [SAFE]: The documentation provides proactive security warnings regarding credential exposure and environment variable visibility in shared or cloud runtimes.
Audit Metadata