cursor-prod-checklist
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests full shell access via the Bash(cmd:*) permission in its metadata. This provides the agent with unrestricted command execution capabilities which could be abused if the agent is misled.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interacts with untrusted data from user workspaces.
  - Ingestion points: The skill instructions in SKILL.md involve reading project files like .cursorrules.
  - Boundary markers: The instructions do not provide delimiters or warnings to ignore embedded instructions within processed files.
  - Capability inventory: The agent is granted Bash, Read, Write, and Edit permissions.
  - Sanitization: No sanitization or validation of workspace content is implemented.
Audit Metadata