Trust Assessment
cursor-agent received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 4 critical, 2 high, 3 medium, and 0 low severity. Key findings include "Persistence / self-modification instructions", "Arbitrary command execution", and "Remote code execution: curl/wget pipe to shell".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Persistence / self-modification instructions.** Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/snail3d/voice-devotional/skills/cursor-agent/SKILL.md:23 |
| CRITICAL | **Persistence / self-modification instructions.** Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/snail3d/voice-devotional/skills/cursor-agent/SKILL.md:27 |
| CRITICAL | **Arbitrary command execution.** Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/skills/cursor-agent/SKILL.md:11 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/snail3d/voice-devotional/skills/cursor-agent/SKILL.md:11 |
| HIGH | **Unsecured `curl \| bash` installation method.** The skill recommends installing the Cursor CLI agent by piping the output of `curl` directly into `bash`. This method bypasses package manager integrity checks, version pinning, and cryptographic verification. If `cursor.com` were compromised, or if the network path to it were intercepted, malicious code could be executed on the user's system without warning, leading to a supply chain attack. Avoid using `curl \| bash` for installation. Instead, recommend using a trusted package manager (like Homebrew, which is also mentioned in the skill) or providing a signed, checksummed binary download. If `curl \| bash` is absolutely necessary, provide a checksum for the script and explicit instructions to verify it before execution. | LLM | SKILL.md:10 |
| HIGH | **Potential Command Injection via `tmux send-keys` with unsanitized input.** The skill demonstrates using `tmux send-keys` to execute commands within a `tmux` session, including passing user-provided prompts to the `agent` CLI (e.g., `agent 'Your task here'`). If the `Your task here` placeholder is populated by an LLM using untrusted external input without proper sanitization or escaping, it could lead to command injection. An attacker could craft input that breaks out of the `agent` command's argument and executes arbitrary shell commands within the `tmux` session, potentially leading to data exfiltration or system compromise. Advise users to strictly sanitize or escape any LLM-generated or untrusted input before passing it to `tmux send-keys`. For critical automation, consider using a more robust and secure method for interacting with CLI tools that doesn't rely on sending raw keystrokes, or ensure the `agent` tool itself has strong input sanitization. Explicitly warn about the dangers of unsanitized input when using this pattern. | LLM | SKILL.md:134 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/snail3d/voice-devotional/skills/cursor-agent/SKILL.md:25 |
| MEDIUM | **Persistence mechanism: Shell RC file modification.** Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/snail3d/voice-devotional/skills/cursor-agent/SKILL.md:23 |
| MEDIUM | **Persistence mechanism: Shell RC file modification.** Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/snail3d/voice-devotional/skills/cursor-agent/SKILL.md:27 |