cursor-cloud

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's cloud runtime accepts arbitrary repo URLs and runs agents against those repositories (see references/cloud-options.md and references/repos.md and SKILL.md examples), so the agent will clone/read untrusted user or public Git repos and act on their contents (commits/PRs), which can materially influence its actions and enable indirect prompt injection.