BIG SECURITY RISK! .cursorignore doesn't seem to work, .envs files being sent as context

wbtacc · December 13, 2024, 5:56pm

While a ‘.cursorignore’ file can prevent files from being indexed, those files may still be included in AI requests, such as if you recently viewed a file and then ask a question in the chat. […]

— Security | Cursor - The AI-first Code Editor

I think what defines “recently viewed files” is unclear, and that a warning should occur before use of a “recently used file” if it is .gitignore-d or .cursorignor-d.

I raise related security concerns in Security Concerns with .gitignore, .cursorignore, .cursorban .

Topic		Replies	Views
CRITICAL: Cursor does NOT follow .gitignore and .cursorignore files! Bug Reports	5	1073	December 20, 2024
Environment Secrets and Code Security Feature Requests	19	6064	March 19, 2025
Questions on .gitignore, .cursorignore, .cursorban Feedback	24	2484	April 12, 2025
Cursor ignores .cursorignore and distributes sensitive info Bug Reports	1	102	May 7, 2025
Cursor reads .env even though it is on .cursorignore Bug Reports	2	60	November 2, 2025

BIG SECURITY RISK! .cursorignore doesn't seem to work, .envs files being sent as context

Related topics