Describe the Bug
While working in Cursor on a local JavaScript project, the IDE unexpectedly executed a destructive shell command rm -rf ~ && ls -la that recursively attempted to delete my macOS home directory. The action wiped personal files outside the project folder, causing partial data loss despite macOS SIP/TCC protections blocking some deletions.
Steps to Reproduce
Open Cursor on macOS with a local JavaScript project.
Ask the AI assistant to help fix a problem in the project code (in my case, a web demo).
Without warning or confirmation, the AI executes a shell command in the integrated terminal that targets the user’s home directory (~) instead of project-specific files.
Observe loss of files outside the workspace.
Expected Behavior
The AI assistant should never run destructive commands outside the project directory without explicit, multi-step user confirmation, and should block commands like rm -rf ~, rm -rf /, or sudo rm -rf entirely.
Operating System
MacOS
Current Cursor Version (Menu → About Cursor → Copy)
Operating System
macOS Sequoia 15.6
Current Cursor Version
1.4.3
Additional Information
Additional Information
No Time Machine backups were available at the time.
The loss included personal documents and configuration files unrelated to the project.
Incident occurred around 14:30 local time on August 13, 2025.
The destructive command was not typed manually — it appears to have been injected or suggested by the AI during troubleshooting.
This makes Cursor unsafe to use for projects containing or stored alongside sensitive/personal data.
Does this stop you from using Cursor
Yes - Cursor is unusable