cursor-context-scout

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The cursor-scout.mjs script fetches the @cursor/sdk package from the official NPM registry at runtime if it is not present in the local cache, using the @latest version tag.
  • [REMOTE_CODE_EXECUTION]: The script uses dynamic import() to load and execute the @cursor/sdk library from a computed path in the user's cache directory after installation.
  • [COMMAND_EXECUTION]: The skill requires the ability to execute node and npm commands. The scout script specifically spawns npm to perform package installations as part of its setup process.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where user-supplied tasks from $ARGUMENTS are interpolated into a system prompt for the Cursor agent.
      • Ingestion points: User input from $ARGUMENTS is passed to the --task parameter in scripts/cursor-scout.mjs via the SKILL.md instruction.
      • Boundary markers: The prompt template in scripts/cursor-scout.mjs lacks explicit delimiters or 'ignore' instructions for the interpolated user task.
      • Capability inventory: The scout agent is granted capabilities to perform repository-wide file reading, semantic search, and grep operations via the @cursor/sdk tools.
      • Sanitization: The user-provided task string is interpolated without sanitization or validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 02:02 AM