cloud-agents

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Shell tool to execute a local bash script (scripts/cloud-agent.sh) which invokes curl, jq, git, base64, and sips. These commands are used to interact with the Cursor REST API, process local image files, and manage the local repository state through git operations like fetch, checkout, and cherry-pick.
  • [DATA_EXFILTRATION]: The skill accesses the CURSOR_API_KEY environment variable and transmits it to api.cursor.com (a well-known service) via a Basic Authorization header. Additionally, the script includes functionality to read local files, encode them as Base64 strings, and upload them to the API when processing images attached to prompts.
  • [EXTERNAL_DOWNLOADS]: The workflow for pulling agent changes involves git fetch and git pull from remote repositories. This involves downloading and integrating code generated by the remote cloud agent into the local environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its integration with code generated by remote agents.
      ◦ Ingestion points: The skill fetches code changes from remote branches created by Cursor Cloud Agents (identified via the status command and integrated via git pull).
      ◦ Boundary markers: No specific boundary markers or automated verification steps are defined for the fetched code content beyond standard git diffs.
      ◦ Capability inventory: The skill possesses extensive local capabilities including full git repository access and the ability to execute network requests via curl and process files via base64.
      ◦ Sanitization: No automated sanitization or validation is performed on the code content pulled from the remote agent before it is integrated into the local workspace, relying entirely on manual user review.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 03:27 PM