omega-cursor-cli
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by bridging user input to an autonomous agent.
  - Ingestion points: The prompt text is accepted as a positional argument in `scripts/ask-cursor.mjs` and passed to the downstream agent.
  - Boundary markers: The wrapper does not utilize delimiters or specific instructions to isolate the prompt from the agent's internal control logic.
  - Capability inventory: The target `cursor-agent` has high privileges within the workspace, including the ability to read and write code and execute shell commands.
  - Sanitization: Input data is not sanitized or validated before being passed to the execution environment.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx -y` to download the `@cursor/agent` package from the npm registry in `scripts/ask-cursor.mjs` and `scripts/verify-setup.mjs`. This facilitates access to the well-known Cursor service tools.
- [COMMAND_EXECUTION]: The wrapper script utilizes `child_process.spawn` to manage local process execution. It includes platform-specific logic for Windows to resolve executable paths and uses `taskkill` for process lifecycle management. Shell execution is disabled to prevent common injection vectors.
- [REMOTE_CODE_EXECUTION]: The integration with `npx -y @cursor/agent` allows for the dynamic loading and execution of remote code from the npm registry.
Audit Metadata