cursor-agent
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the installation script from the official Cursor domain (cursor.com) as a standard setup procedure.
- [EXTERNAL_DOWNLOADS]: Instructs the user to download and install system tools like tmux using standard package managers (apt, brew).
- [COMMAND_EXECUTION]: Provides instructions for modifying system shell configuration files (~/.zshrc, ~/.bashrc) to update the PATH environment variable.
- [COMMAND_EXECUTION]: Provides guidance for installing necessary system dependencies using elevated privileges (sudo apt install tmux).
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the agent processes external data.
  - Ingestion points: Reads user-supplied prompts and local codebase files/directories referenced via context markers (e.g., @filename.ts) in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within processed files are specified.
  - Capability inventory: The agent can perform file system modifications, refactor code, and execute shell commands for testing or CI/CD tasks as described in SKILL.md.
  - Sanitization: No input validation or content filtering is implemented for the processed data.
Recommendations
- HIGH: Downloads and executes remote code from: https://cursor.com/install - DO NOT USE without thorough review
Audit Metadata