omega-cursor-cli
Audited by Socket on Mar 2, 2026
1 alert found:
Security
This skill is a legit-looking headless wrapper for the Cursor Agent CLI, but its design includes several risky patterns. The main concerns are autonomy abuse (explicit encouragement to bypass interactive approvals via --yolo and --trust), the ability to read and append local workspace memory files (which can be sent to Cursor), and runtime execution of third-party code (PATH discovery and npx fallback). These combine to create a realistic risk of unintended data disclosure or credential exposure to an external service (Cursor or any compromised cursor-agent package). There are no obvious signs of deliberately obfuscated or hardcoded malicious payloads in the provided text, but the operational choices (trust bypass, transitive execution) materially increase supply-chain and exfiltration risk. Recommend: require explicit user consent (avoid --yolo/--trust by default), avoid automatic npx fallbacks or require pinned versions & checksums, and restrict what workspace files are read/sent. Treat this skill as medium-to-high security risk unless usage is explicitly controlled and audited.