The docs say file access is read on the whole filesystem and read/write only in workspace directories, so I’d expect deletes to be limited to the workspace.
With the default config (no “File-Deletion Protection” enabled), I’ve seen agents delete files outside the workspace with no confirmation. Is that intentional, or a bug? Should there be a confirmation or block when the target is outside the workspace, at least by default?
Steps to Reproduce
Just ask agent to delete a file for you. Screenshot from a quick test is included.
Hey, thanks for the report. This is a confirmed bug. File deletions outside the workspace really don’t check the External-File Protection setting, even though write operations do. So the docs describe the expected behavior correctly, but in practice deletions don’t follow it.
As a workaround, you can enable File-Deletion Protection (Cursor Settings → Agents). With this on, the agent will ask for confirmation before deleting any file.
The team is aware of the issue. Your report helps with prioritization, especially since you clearly showed it’s the file tool and not a terminal command.
I may be no expert but you gave the agent explicit instructions and implied permission. Why expect a permission box after already giving it permission via the prompt itself?
This issue has been fixed in a recent Cursor update. Updating to the latest version should resolve this. If you’re still experiencing this on the latest version of Cursor, please raise a new thread and we’ll take a look.
