skills/heishia/ppop-code/cursor-edit/Gen Agent Trust Hub

cursor-edit

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill documentation indicates the execution of a PowerShell script (scripts/apply.ps1) and the cursor-agent CLI tool. Because the source code for the PowerShell script is not provided, its safety cannot be verified, specifically regarding how it handles user-provided paths and instructions.
  • PROMPT_INJECTION (HIGH): This skill presents a high-risk surface for Indirect Prompt Injection (Category 8).
      • Ingestion points: Natural language instructions are accepted via the 'prompt' and 'target_path' inputs.
      • Boundary markers: None are present to prevent the agent from following instructions embedded within processed code or user prompts.
      • Capability inventory: The skill has the capability to modify, refactor, and delete files on the local system through the Cursor CLI.
      • Sanitization: There is no evidence of input validation or sanitization, which could allow an attacker to manipulate the agent into overwriting critical files or injecting backdoors into the source code.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:43 AM