Cursor asking for new Github permissions

Support Help
,
1

i got this email from gihub that said cursor was requesting more permissions. Why? Is this legit?

The Cursor app by cursor is requesting updated permissions

Read-only access to Administration

New request

Read-only access to Email addresses

New request

Read-only access to Custom properties

New request

Read-only access to Custom repository roles

New request

Read and write access to ActionsWas read-only

4

I got this as well. Found somewhere, it is preparation for features coming in June.
Does anyone more technical have any clue?

5

Same here.

My question, regarding the “actions” R/W permissions - will this burn build credits without explicit authorization?

What are the default guardrails in place for actions use?

6

My question, regarding the “actions” R/W permissions - will this burn build credits without explicit authorization?

What are the default guardrails in place for actions use?

I agree with @bedge above and am also a bit hesitant to accept the Write to Actions permission for above reasons. The read accesses are fine.

I would also add:

Can we expect granular enough permissions to see and toggle any actions use in the Cursor interface?

'We’re building an agentic-first review system, available as part of Teams and Enterprise plans.

These permissions will allow you to access those new capabilities when they launch in June.

I think going forward I’d like to see more detailed explanations in the Developer Notes on the permissions request to exactly what these settings are and do, particulary for write access.

8

Hey, yep, the email is legit. The app asking for permissions is the official Cursor GitHub App at GitHub Apps - Cursor · GitHub, and GitHub sends these notifications every time we update the app manifest. The explanation is in the Developer Notes on the approval page, as @Acoped quoted. These permissions are setting things up for the new agentic review system for Teams and Enterprise, launching in June.

Quick rundown of each item:

  • Read-only Administration, Email addresses, Custom properties, Custom repository roles: needed to understand the org structure and identify users in team and enterprise setups like mapping team members, custom roles, etc. It’s read-only, so it doesn’t make any changes to your org.
  • Actions read + write, instead of read-only: needed so cloud agents can interact with workflow runs, for example rerun a failed CI after a fix using gh run rerun. Without write access, that just won’t work.

Now to the specific questions:

will this burn build credits without explicit authorization?

The permission itself doesn’t start anything, it only allows API calls. Actions are only triggered by the agent as part of a specific task you give it like rerun the failed workflow, not in the background. That said, GitHub Actions minutes are billed to your account, so if you ask the agent to work with CI, it’s a good idea to review what it’s doing, just like any other change.

Can we expect granular enough permissions to see and toggle any actions use in the Cursor interface?

That’s the direction we’re moving in, making GitHub permissions more configurable per integration. No exact ETA yet, but the feedback is helpful and I’ll pass it to the team.

I’d like to see more detailed explanations in the Developer Notes

Fair point, especially for write access. I’ll note that.

And just so it’s clear, approval is optional. If you’re not interested in the new review features or you’d rather wait, the existing integration will keep working without the upgrade. You can approve later if you change your mind.