cursor-cli
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local command-line utilities, specifically `cursor-agent` and `git`, to facilitate code analysis and diagnostics. The implementation includes strict defaults for read-only operation and uses subshells for context-specific execution.
- [DATA_EXFILTRATION]: Repository metadata and file content are collected to be processed by the external Cursor API. The skill mitigates risks of sensitive data exposure through an 'Activation Contract' that instructs the agent to check for credentials or private files before transmission and provides a '--dry-run' mode for user review.
- [PROMPT_INJECTION]: The skill processes untrusted input in the form of repository diffs and context files, which constitutes an indirect prompt injection surface. This is addressed by the use of read-only flags (`--mode plan` or `--mode ask`) which prevent the external CLI from performing destructive actions or modifying the local environment regardless of the prompt content.
Audit Metadata