Agents ignoring instructions (deciding to go ahead and build on it's own)

This may not officially be a bug, but it definitely feels like one. I’m not sure where the extreme bent towards execution is being injected, but this makes working with Cursor very frustrating.

i.e. asking to discuss or research first are completely ignored and several follow ups are required before the agent will step back and align with the user.

I frequently use agents for non-implementation tasks like research or planning. I get that certain models like the composer are optimized for execution, but when using models like Opus, my expectation is that they understand the original user intent (discuss versus build).

Is there any way to adjust this behavior?

image844×396 16.4 KB

Hi @elliott_tandems, Sorry to hear about this. One option that you could do is ask Cursor to build a user rule for you that is not automatically applied, but only when you invoke it (E.g. disable model invocation), and you can call it something like research mode, and in the rules it can include specific instructions not to take any write implementation tasks in the workspace. It’s not a bulletproof solution, but I think this would help guide the agent toward the behavior you’re looking for.

---
description: ""
globs: ""
alwaysApply: false
---

# RESEARCH mode

Use this rule only for research, investigation, explanation, and planning.

- Do not edit source files, configs, docs, tests, or generated files in the workspace.
- Do not create, rename, move, delete, stage, commit, or otherwise persist workspace changes.
- Do not run write-oriented refactors, formatters, migrations, or code generation against the workspace.
- Read-only investigation is encouraged: search, read files, inspect diffs, analyze logs, review architecture, and summarize findings.
- MCP access is encouraged when useful.
- Temporary validation is allowed only in clearly ephemeral locations such as OS temp directories, repo-local `tmp/` or `.tmp/`, or isolated sandboxes.
- Keep any temporary artifacts out of the real codebase and clean them up when practical.
- If the user asks for implementation while this rule is active, stay in research mode and provide analysis, options, or a proposed patch without applying it.

To test this, what I did was in Agent Mode:

@.cursor/rules/research-mode.mdc Please revise my background.css to be max-width 900px on line 12

And Cursor responded with:
research-mode is active in .cursor/rules/research-mode.mdc, so I did not modify background.css.

It’s not a guarantee but this is great option to steer the model’s behavior!

I appreciate the response, but with all respect I don’t feel that’s really a viable solution. Having to constant switch between execution modes or port outputs between multiple conversations is a bit unnecessarily clunky when the underling model is capable of following instructions.

I’m exploring migrating from a provider direct harness to a 3rd-party harness (like Cursor) and it feels really odd to only encounter issues with models refusing to take directional instructions on yours.

I hate to complain about something if I’m the one misusing the product, is this sort of use case outside of expected usage behaviors?

Hi @elliott_tandems ,

Can you tell me a bit more info about the model you’re using and the task you’re asking it to do?

• What does the context window look like at the point at which it starts implementing the solution when it shouldn’t?
• Has the chat been compacted (auto-summarized already)?
• What is the model name and context size? Are you using Fast mode or Max mode?

Sorry for the 20 questions, but I see your team has privacy mode enabled, so this is the best way to investigate the issue further without access to the request details.

I’ll also add that Cursor does have more rigid modes like Ask and Plan that offer a stronger guarantee that they won’t edit your code, but they may not have the flexibility that you’re looking for (e.g. Ask mode can’t call MCP tools).

This is primarily from starting fresh conversations, I’ve seen this on Opus 4.6 (high thinking fast max and variations of that), Composer 2 (fast and non-fast), GPT 5.4 (high both fast and non-fast), and GPT 5.3 Codex (high). I generally always have Max on.

I have encountered some steering issues during implementation too, where it ignored a request to step back and think and discuss with me on an approach and just kept making code changes, but this is rarer, and not my primary concern here.

99% I’ll kick off a conversation by saying:

• “Hey, let’s discuss X idea.”

• “Hey, I want to build X; let’s talk about it first.”

• “Hey, I need you to do X research activity.”

I get the most effective results when I ensure I’m aligned with the agent before moving forward on execution and I’m accustomed to being able to steer the agent conversationally.

The first couple of times of experiencing this with Cursor, I’ve been adding more explicit instructions, like I shared in the original screenshot, i.e., “let’s not build anything just yet”, or “don’t make any changes until I give you the go ahead”… And my concerns arise from this being completely ignored. That’s not something I’ve experienced when working with, say, Claude Code, Codex, or Gemini directly. I would much prefer being able to work with a third-party harness where I can easily switch between the different models. The alignment and steering issues makes it I feel like I’m fighting the tool rather than it’s working with me.

Definitely need to be able to access MCPs. I use agents heavily for all aspects of planning and context gathering, not just coding and also being able to write results somewhere.

Is Ask or Plan mode helpful to you or is it not quite the solution you’re looking for?
Also, I recommend frequently starting fresh chats. It’s possible that your context is getting very large and repeatedly summarized and even though you’ve provided clear guidance not to implement any changes - the agent might lose track of those instructions after repeated summarizations.