The AI model Claude 4 Sonnet was able to circumvent the protection of .env file of the project by running a bash command (which I missed what it was) that reveals it or a part of its contents.
How to reproduce (theory only):
- Auto-run must be enabled
- Auto-fix must be enabled
- Instruct it to not ask for confirmation from the user as much as possible when answering the prompted task.
- Prompt a task that is impossible to solve without reading the .env file (the task I asked was regarding a feature of my Svelte 5 + Laravel + Inertia.js app)
- Or prompt it to fix an error that requires reading the .env file
Cursor version: 1.0
Mac OS >= 15.5 (will verify later)
Issue doesn’t stop me from using Cursor, but this is potentially a huge security issue that I hope others will be informed and hopefully it gets patched asap as well.