Describe the Bug
When the agentic mode figures out that it does not have access to the .env file (due to .cursorignore), it uses the ls command to see all the files, and then uses cat command to read the content, and uses echo ... >> .env to write to the protected files. It now has all my private keys.
Steps to Reproduce
- Create a file
- add it to .cursorignore
- Ask the agent to work on something that requires access to that file
- see that it first tried to use the normal tools first, and when it sees that the file cannot be accessed, it verifies that it exists using the ls command and then uses more commands to view, edit, or delete the protected file.
Expected Behavior
Agent should not be able to see the file, it needs additional checks in terminal - for example it cannot send commands that contain the name of a protected file.
Screenshots / Screen Recordings
Operating System
Windows 10/11
Current Cursor Version (Menu → About Cursor → Copy)
Version: 1.2.4 (user setup)
VSCode Version: 1.99.3
Commit: a8e95743c5268be73767c46944a71f4465d05c90
Date: 2025-07-10T17:09:01.383Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Windows_NT x64 10.0.26100
Does this stop you from using Cursor
No - Cursor works, but with this issue