cursor

Overall benign-to-suspicious but best classified as SUSPICIOUS due to a third-party connector prerequisite and unexplained 'zero' troubleshooting path around an otherwise official Cursor API workflow. The main capabilities match the stated purpose and data mostly flows to Cursor, but the autonomous repo-agent behavior and external credential-management context increase risk.