cursor-docs

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Finding categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The module scripts/utils/script_utils.py contains an ensure_yaml_installed function that executes pip install pyyaml via subprocess.check_call if the package is not found at runtime. This allows for dynamic code installation from external registries.
  • [COMMAND_EXECUTION]: Orchestration scripts such as scripts/management/refresh_index.py and scripts/management/rebuild_index.py utilize subprocess.run() to execute other Python scripts within the skill's own directory tree to perform indexing and maintenance tasks.
  • [EXTERNAL_DOWNLOADS]: The scraper implementation in scripts/core/scrape_docs.py fetches documentation from external sources, primarily https://cursor.com/llms.txt, using the requests library to update local content.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. Content is ingested from the web via scrape_docs.py and stored without sanitization. This content is then parsed by extract_metadata.py and used as context for the agent, potentially allowing malicious instructions embedded in remote documentation to influence agent behavior.
  • [SAFE]: The skill implements a robust security control in scripts/utils/script_utils.py. The resolve_base_dir function includes path traversal protection that validates that every resolved directory is contained within the trusted skill directory or the project root.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 08:08 AM
Security Audit — agent-trust-hub — cursor-docs