Agent to assess security issues in context, and auto-fix

Can you please provide a background agent that assesses security issues in context, and auto-fixes them?

Problem:
When I run npm audit, it shows me security risks, but I have these problems with it:

  • poorly formatted
  • to get extra context I need to go to a website on the given issue
  • while an issue may be marked ‘critical’, it may not be to me (for example if the criticality doesn’t apply if you host on AWS)

Solution:
Cursor background agent.
Every week it runs my .mdc rule which says something like:

  • Run npm audit
  • Investigate each issue in the context of codebase and implementation
  • Where you believe issues should be fixed, create a PR for each one, starting with highest priority.

Is that not already available using Background Agents?
You can assign it the task as you described.

One thing will be hard for AI to know: what is critical for you and what isn't, unless you specify the rules.

Ah, that’s great if it will support it then.

I haven’t used it because it hasn’t been security audited itself yet.

But I will when it has.
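
The triage step discussed in this thread (run npm audit, then judge each finding in your own context), sketched as an added example that is not part of the original posts and not Cursor's own code. The package names, advisory URLs and the `RULES` format are constructed for illustration; the report shape assumed is the `vulnerabilities` map emitted by `npm audit --json` on npm 7 and later.

```javascript
// Added example: re-rank `npm audit --json` findings using explicit context rules.
const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];
const rank = (s) => (SEVERITY_ORDER.includes(s) ? SEVERITY_ORDER.indexOf(s) : SEVERITY_ORDER.length);

// Constructed sample in the shape of npm 7+ `npm audit --json` output.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-devserver": {
      severity: "critical", isDirect: false,
      via: [{ title: "Path traversal in static file handler", url: "https://example.invalid/advisory/2" }],
      fixAvailable: { name: "example-bundler", version: "2.0.0", isSemVerMajor: true },
    },
    // Affected only through example-devserver: `via` holds a bare package name.
    "example-bundler": { severity: "critical", isDirect: true, via: ["example-devserver"], fixAvailable: false },
    "example-parser": {
      severity: "high", isDirect: true, fixAvailable: true,
      via: [{ title: "Prototype pollution in parse()", url: "https://example.invalid/advisory/1" }],
    },
  },
};

// Hypothetical context rules: what the team states up front about its own deployment.
const RULES = [{ package: "example-devserver", severity: "low", reason: "dev-only tool, never deployed" }];

function describeFix(fix) {
  if (fix === true) return "non-breaking";
  if (!fix) return "none";
  return fix.isSemVerMajor ? "breaking" : "non-breaking";
}

function triage(report, rules) {
  const findings = [];
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    // Keep only packages that carry an advisory themselves, so each issue is listed once.
    const advisories = (vuln.via || []).filter((v) => typeof v === "object");
    if (advisories.length === 0) continue;
    const rule = rules.find((r) => r.package === name);
    findings.push({
      name, reported: vuln.severity, effective: rule ? rule.severity : vuln.severity,
      reason: rule ? rule.reason : null, fix: describeFix(vuln.fixAvailable),
      advisories: advisories.map((a) => ({ title: a.title, url: a.url })),
    });
  }
  return findings.sort((a, b) => rank(a.effective) - rank(b.effective));
}

for (const f of triage(SAMPLE_REPORT, RULES)) {
  const note = f.reason ? ` (reported ${f.reported}; rule: ${f.reason})` : "";
  console.log(`[${f.effective}] ${f.name}${note}, fix: ${f.fix}`);
  for (const a of f.advisories) console.log(`    ${a.title} <${a.url}>`);
}
```

To use it on a real project, replace `SAMPLE_REPORT` with the parsed output of `npm audit --json`; every downgrade carries its written reason, so a reviewer can see why a finding was deprioritized.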