cursor-agent-supervisor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill relies on executing the `cursor-agent` command-line tool. While this is the primary purpose of the skill, it involves passing complex string arguments to the shell, which can be an attack vector if the task descriptions are not carefully handled.
- [PROMPT_INJECTION] (LOW): The skill creates a significant surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data enters the context via the task description passed to the `--resume` command, which the skill suggests should include content from files, skills, or summarized instructions.
  - Boundary markers: There are no technical boundary markers or 'ignore embedded instructions' warnings implemented to prevent a sub-agent from following malicious instructions hidden within the files it is told to read.
  - Capability inventory: The sub-agents invoked have high-privilege capabilities including the ability to 'hack on code' and 'run build/tests'.
  - Sanitization: The skill lacks any logic for escaping or validating the external content before it is interpolated into the command line.
Audit Metadata