cursor-hooks
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: Documentation describes a feature where arbitrary shell commands are executed from a workspace configuration file during the agent lifecycle loop.
- Evidence:
references/file-format.mddetails the JSON structure of.cursor/hooks.json, specifying that the agent will execute strings provided in thecommandfields ofpreRunandpostRunhooks. - [NO_CODE]: The skill package is composed entirely of markdown documentation files and contains no executable scripts, binaries, or source code files.
Audit Metadata