Malicious Repos Can Trigger Auto Code Execution in Cursor AI

The issue comes from a default setting in Cursor. A safety feature called Workspace Trust is disabled by default when the program is first installed. As a result, certain task files can begin executing commands immediately when a developer opens a folder.

If a user adds a harmful task to a project and shares it online, those commands will run as soon as another person opens the folder in Cursor.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How to Pick the Right DeFi dApp? (Dos and Don’ts Explained)

SUBSCRIBE

ON YOUTUBE

Cursor is built on top of Visual Studio Code, which also includes the Workspace Trust feature. This tool is designed to protect developers from malicious code by blocking automatic tasks from unknown sources.

The vulnerability exploits the .vscode/tasks.json file, which can contain instructions to run tasks as soon as a folder is opened. Attackers can place these instructions in a shared project.

According to Erez Schwartz from Oasis Security, this behavior can lead to stolen credentials, changed files, or system access. It also increases the chances of supply chain attacks, where malicious code spreads through tools or projects used by many people.

To stay safe, users should take a few steps. First, they should enable Workspace Trust in Cursor to stop unknown tasks from running automatically. Second, it is advised to open untrusted projects using a different code editor, especially the .vscode folder, before using Cursor.

On August 28, Anthropic warned that bad actors are using its chatbot Claude to help carry out online crimes. How? Read the full story.