cursor-advanced-composer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Categor y 8) due to the ingestion of untrusted data from a projec t code base combined with high-impac t capabilities.
- Ingestion point s: The skill operate s on projec t file s reference d via @-mention s and indexe d code base reference s (SKIL L.md).
- Boundar y marker s: Absen t; the skill lack s specific instruction s to isolate or ignore instruction s embed ded within the code it read s.
- Capabilit y inventor y: The skill request s 'Read', 'Write', 'Edit', and 'Bash(cmd:*)' permission s (SKIL L.md).
- Sanitization: Absen t; the re is no provision for filtering or validating untrusted code base conten t before processing.
- [COMMAND_EXECUTION]: The skill authorize s 'Bash(cmd:*)' access, permitting unrestricte d comman d execution within the hos t environment. While typical for sof tware develo pmen t skill s, this power ful tool expose s the system to risk if the agen t is misle d by indirec t prompt injection s in the analyze d code.
Audit Metadata