Issue:
Cursor occasionally replaces valid, intentionally provided Discord links (e.g., discord.gg/validServer) with fabricated or non-existent Discord URLs (e.g., discord.gg/[made_up_name]). This happens unpredictably during regular edits or generations made by Cursor.
Impact:
This led to one of our websites redirecting users to a fabricated Discord URL (discord.gg/[made-up-name]), which initially did not exist. A malicious actor later exploited this by creating a Discord server at that URL, posing significant security risks to users who were redirected unknowingly. The original, correct URL was overwritten without our consent or awareness.
Replication Challenge:
The issue occurs randomly, making it difficult to reliably reproduce. It has happened three separate times without clear triggers or explicit instructions to alter URLs.
Expected Behavior:
Cursor should never alter or fabricate URLs, especially Discord server addresses. Explicitly provided URLs must remain unchanged unless explicitly instructed otherwise.
Recommended Action:
Cursor should implement safeguards at the prompt or processing level to prevent automatic URL replacements or fabrications, particularly for sensitive links such as Discord addresses.