Cursor IDE Agent Reads .env file!

Support Bug Reports
, ,
1

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Opus 4.6 reads the .env file!

Steps to Reproduce

  1. Create .env file
  2. Interact with Opus 4.6

Expected Behavior

Agent should not read sensitive files.

After creating a .cursorignore file, it tells me it no longer has access (previously it was only on .gitignore). This is new behaviour, I believe?

Screenshots / Screen Recordings

cursor_env.png

Operating System

Windows 10/11

Version Information

Version: 2.4.37 (user setup)
VSCode Version: 1.105.1
Commit: 7b9c34466f5c119e93c3e654bb80fe9306b6cc70
Date: 2026-02-12T23:15:35.107Z
Build Type: Stable
Release Track: Default
Electron: 39.2.7
Chromium: 142.0.7444.235
Node.js: 22.21.1
V8: 14.2.231.21-electron.0
OS: Windows_NT x64 10.0.19045

For AI issues: which model did you use?

Opus 4.6

Does this stop you from using Cursor

No - Cursor works, but with this issue

Cursor reads .env files by default
3

Hey, thanks for the report. This is a known issue. The agent’s Read tool doesn’t fully respect .gitignore.

What’s happening: .env* is on the default ignore list, but that list is currently applied only to indexing, not to agent tool calls like Read file. So the agent can still explicitly open and read .env if it decides to.

The workaround you found is the right approach: .cursorignore. A couple tips to make it more reliable:

  1. You can set this globally so it applies to all projects: VS Code Settings > General > Global Cursor Ignore List. Add patterns like **/.env and **/.env.*.

  2. Keep in mind the docs say the terminal and MCP tools used by the agent can’t be blocked via .cursorignore, so the agent can still access env contents through terminal commands like cat .env. More here: Ignore files | Cursor Docs

The team is aware of this gap between indexing-level ignores and agent tool-level ignores.

Let me know if the global ignore list approach works for you.

1 Like
4

Indeed this works, but as you said, when pressed the agent still read it without problem first try using the cli command “type .env”.

I concede this seems like a very difficult problem to solve… perhaps check command by passing them through another agent?

Anyways, thanks for the help and heads up! I’ve been using cursor for a while, and was sure you had this issue solved tbh.

1 Like