The Agent Skills Directory

[COMMAND_EXECUTION]: The skill manifest requests broad shell access (Bash(cmd:*)). The file references/local-data-storage.md provides destructive commands for clearing local application data, such as rm -rf ~/Library/Application\ Support/Cursor/, which could lead to accidental data loss if executed without proper user confirmation.
[DATA_EXFILTRATION]: The skill explicitly references sensitive file patterns and paths in references/sensitive-file-exclusion.md, including .env files, SSH keys (id_rsa, id_ed25519), and cloud provider credentials (credentials.json). While these are provided for exclusion purposes, their presence in the logic defines an attack surface for data exposure if the agent's context is manipulated.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
Ingestion points: The skill reads and interacts with .cursorignore and .vscode/settings.json files within the user's project directory.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing these configuration files.
Capability inventory: The skill has Bash(cmd:*), Read, Write, and Edit capabilities across all project files.
Sanitization: There is no evidence of sanitization or validation of the content read from configuration files before processing.

cursor-privacy-settings