BIG SECURITY RISK! .cursorignore doesn't seem to work, .env files being sent as context

I read in the docs that Cursor should ignore any .gitignored files already. I actually added a .cursorignore file anyways.

However, it looks like my .env files can still be sent as context with cmd + k or chat. I think the ignore files might actually work so that Cursor doesn’t index those files, but it does not work if you have the file open.

There was a time when I accidentally had a .env file open as the current opened file, but I was asking chat about something else and I didn’t notice the .env was added as context until after I hit send.

This seems like a huge security flaw to me.

5 Likes

Hi there. This concerns me too. Thanks for the hint. Did you have any other issues with indexed .env files in the meantime or did you get any new information about the topic?

  • While a ‘.cursorignore’ file can prevent files from being indexed, those files may still be included in AI requests, such as if you recently viewed a file and then ask a question in the chat. […]

Security | Cursor - The AI-first Code Editor

I think what defines “recently viewed files” is unclear, and that a warning should occur before use of a “recently used file” if it is .gitignore-d or .cursorignore-d.

I raise related security concerns in Security Concerns with .gitignore, .cursorignore, .cursorban.

1 Like
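The warning proposed in the last post can be sketched as a pre-send check: before a list of open or recently viewed files is attached as context, flag any that match the workspace's ignore rules. This is an added example, not code from Cursor or from any poster in the thread; the function names and sample paths are constructed, and the matcher covers only a simplified subset of gitignore syntax (no `**`, both files merged into one rule list).

```python
import fnmatch
from pathlib import PurePosixPath

def load_patterns(text):
    """Parse ignore-file text into (negated, pattern) rules; skip blanks and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        rules.append((negated, line[1:] if negated else line))
    return rules

def _matches(pattern, path):
    parts = PurePosixPath(path).parts
    pat_parts = [s for s in pattern.split("/") if s]
    if not pat_parts:
        return False
    # A trailing "/" means directory-only: it can match a parent dir, never the file itself.
    limit = len(parts) - 1 if pattern.endswith("/") else len(parts)
    if "/" not in pattern.rstrip("/"):
        # No inner slash: the pattern may match a path component at any depth.
        return any(fnmatch.fnmatchcase(c, pat_parts[0]) for c in parts[:limit])
    # Inner or leading slash: anchored to the workspace root, matched per component.
    return len(pat_parts) <= limit and all(
        fnmatch.fnmatchcase(c, q) for c, q in zip(parts, pat_parts))

def is_ignored(path, rules):
    ignored = False
    for negated, pattern in rules:  # last matching rule wins, as in gitignore
        if _matches(pattern, path):
            ignored = not negated
    return ignored

def flag_context_files(candidates, ignore_texts):
    """Return the candidate context files that an ignore file says to keep out."""
    rules = [r for text in ignore_texts for r in load_patterns(text)]
    return [p for p in candidates if is_ignored(p, rules)]

# Constructed sample data: ignore files and a "recently viewed" list.
GITIGNORE = ".env*\n!.env.example\nnode_modules/\n"
CURSORIGNORE = "# local secrets\nsecrets/\n/config/local.yaml\n"
RECENTLY_VIEWED = ["src/app.py", ".env", "apps/api/.env.local", ".env.example",
                   "secrets/prod.pem", "config/local.yaml", "docs/config/local.yaml"]

if __name__ == "__main__":
    for path in flag_context_files(RECENTLY_VIEWED, [GITIGNORE, CURSORIGNORE]):
        print(f"WARNING: {path} is ignored but would be attached as context")
```
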