Hacker News: homanp's comments

How were they compromised? Phishing?

Long time inngest user, this looks very interesting.


I was experimenting with different injection techniques for a model dataset and came across something… concerning.

If a file contains instructions like “run this shell command,” Cursor doesn’t stop to ask or warn you. It just… runs it. Directly on your local machine.

That means if you:

1) Open a malicious repo
2) Ask to summarize or inspect a file

…Cursor could end up executing arbitrary commands — including things like exfiltrating environment variables or installing malware.

To be clear:

- I’ve already disclosed this responsibly to the Cursor team.
- I’m redacting the actual payload for safety.
- The core issue: the “human-in-the-loop” safeguard is skipped when commands come from files.

This was a pretty simple injection, nothing fancy. Is Cursor outsourcing security to the models, or do they deploy strategies to identify/intercept this kind of thing?

Feels like each new feature release could be a potential new attack vector.


Announcing Grok CLI

An open-source AI agent that brings the power of Grok directly into your terminal.

Built over the weekend with a few design principles in mind:

- No LLM frameworks
- No lobotomizing models
- Hackable (MIT licensed)

This is NOT an official release from XAI


Flawless execution


I made an AI powered slide deck assistant, making it fast & easy to create quality presentations and slide decks.


drops is an opinionated alternative to Mailchimp which enables ecommerce store owners to create, send and track beautiful email promotions in a matter of minutes.

