Back to skill

Security audit

Cursor Council

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Cursor orchestration guide, but it asks agents to make changes with reduced approval checks and to save full prompts and outputs long term.

Install only if you are comfortable supervising multiple Cursor agents that may edit files or run commands with reduced approval prompts. Use separate git branches or disposable worktrees, avoid blindly approving `waiting for approval` prompts, do not include secrets or sensitive customer/business data in council prompts, and delete or protect archived transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to send the full framed question directly to multiple external AI models via shell commands, but it provides no warning or guardrail about secrets, proprietary code, customer data, or regulated information that may be embedded in that prompt. In this skill context, that is a real data-exposure risk because the skill is specifically designed for parallel orchestration across different models/providers, which increases the chance that sensitive internal context is copied into third-party systems without review.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The document begins with a Chinese-language directive ('让模型扮演技术领域大牛...') and the finding indicates a mandate for Chinese output without any user opt-in or language negotiation. In a multi-agent orchestration skill, hard-coding output language can override user expectations, reduce usability, and cause downstream agents or tooling to mis-handle results when English or locale-neutral output is expected.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs users to persist full prompts and model outputs into a long-lived workspace directory. Those artifacts can easily contain sensitive source code, credentials, internal design discussions, or user-provided data, creating a durable data-retention and exposure risk if the archive is later synced, shared, or read by other tools/users.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.