Agent Bypasses Denylist

Describe the Bug

I have a rather large Denylist set up that i don’t want the Agent to run – Because i want it to be able to run toolcalls automatically. I have NPM on the denylist because it gets super annoying when cursor tries to spin up my server when i dont want it to.. however just recently it somehow found a way to bypass this by doing “API_ENABLED=true npm start” and it somehow started NPM by doing that, which makes no sense to me – however i figured i would point this out as it seems like a pretty big security issue.

41aaf36a-917b-4a30-90cf-323618bed5aa

Cheers

Steps to Reproduce

Not sure how to reproduce.

Expected Behavior

To not have my blacklist bypassed.

Operating System

Linux

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.2.1
VSCode Version: 1.99.3
Commit: 031e7e0ff1e2eda9c1a0f5df67d44053b059c5d0
Date: 2025-07-03T06:13:13.763Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Linux x64 6.14.6-109.bazzite.fc42.x86_64

Does this stop you from using Cursor

No - Cursor works, but with this issue

hi @tumeden thank you for the detailed bug report, I have forwarded it to Cursor Team for review.