skills/vesely/skills/cursor-agent/Gen Agent Trust Hub

cursor-agent

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the cursor-agent command-line tool via a Bash shell. It dynamically constructs the command string by interpolating user-supplied input ($task) and parameters such as mode and model. If the agent fails to properly escape shell metacharacters within these inputs, it could lead to arbitrary command execution on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill requires the external cursor-agent CLI to be installed and authenticated on the user's machine. The documentation also suggests installing the skill itself via npx, which involves fetching remote code.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external sources.
      • Ingestion points: The skill reads the output of git diff (code content) and the verbatim output returned by the cursor-agent CLI.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the code being reviewed or the CLI's response.
      • Capability inventory: The agent has access to Bash with the ability to run git and cursor-agent commands.
      • Sanitization: No sanitization or validation steps are defined for the ingested data before it is presented to the user or used to generate a summary.
  • [DYNAMIC_EXECUTION]: The skill generates and executes shell commands at runtime based on logic that parses user hints for model and mode selection, which is a form of dynamic script generation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 1, 2026, 01:00 PM