call-cursor-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes the
cursor-agentbinary using shell commands. This assumes the binary is already present on the host system. The skill does not verify the integrity or provenance of this binary. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it interpolates untrusted task descriptions directly into an agent's input stream.
- Ingestion points: The
{task_description}variable in the shell block ofSKILL.md. - Boundary markers: Uses a shell heredoc (
<<EOT), which prevents basic shell command injection but does not prevent the agent from obeying malicious instructions within the text. - Capability inventory: Executes
cursor-agent, which is an AI agent tool likely capable of file modification or code execution. - Sanitization: None; the input is passed directly to the tool without filtering or escaping.
Audit Metadata