BIG SECURITY RISK! .cursorignore doesn't seem to work, .envs files being sent as context

I read in the docs that cursor should ignore any .gitignored files already. I actually added a .cursorignore file anyways.

However it looks like my .env files can still be sent as context with cmd + k or chat. I think the ignore files might actually work so that cursor doesn’t index those files, but it does not work if you have the file open.

There was a time when I accidentally had a .env file open as the current opened file, but I was asking chat about something else and I didn’t notice the .env was added as context until after I hit send.

This seems like a huge security flaw to me.

2 Likes