Cursor just deleted itself + github + more

Discussions
, , ,
1

(Yes, I’m using git before you ask.)

I’ve read the horror stories from Antigravity, and I’m suprised this has happened to me as I’m very methodical, and I wanted to share this since I was misled by Cursor’s settings.

I’ve been using cursor since April 2025. Enjoying everything about it… apart from today.

I was installing some new skills (from Vercel/nothing crazy) and asked the agent to delete a skill for agents I didn’t want since it added about 40 folders for each agent, and I just wanted the cursor only folder.

Off it went, and suddenly it deleted everything in my project in a second. It literally deleted all my files, which bricked all my apps since it deleted:

  • C:\Users\me

There’s nothing in the recycle bin, nothing to recover.

Now, these settings are off by default, but I had them on:

  • “File-Deletion Protection”

  • “External-File Protection”

It seems Cursor/Agents can still delete files through powershell cmd terminal and I just tested it again, and yes it’ll happily do that. I asked the agent about the Cursor settings and it’s tools, its reply:

Cursor’s “file delete protection” typically only guards interactive deletes inside the editor UI (Explorer/context menu/backspace delete), not every possible way a file can be removed from disk.

What happened here is that the environment I’m running in has a separate file-operation capability that can delete files directly via the filesystem, so it can bypass UI-level confirmations/protections.

So, Cursor is not sandboxed in to only edit files that’s shown the git repo / file tree? It can literally destruct my whole machine. This has me on edge.

Luckily all my data is safe due to living in the cloud and git, but this is seriously going to burn people if it can so easily run such destructive commands. Without more protection built in we’re in for a scary ride. From the malware hidden inside Clawdbot/Moltbot/OpenClaw to MCP servers having unprecidented access, take extra precautions and make recovery plans.

Installing all these new “Skills” could also just implement under the surface so much potential ■■■■■■■■ I’m tech positive person, loving ai, but this event has me really concerned.

Now is the time to make sure you have everything backed up and consider cold storage. The second you setup a “google” MCP via Manus, ClickUP, Claude or whatever you fancy given it’s so easy now, it will connect in dangerously easy. Ai now has unprecedented access, and the potential to delete everything.

For ref, other issues reported:

2 Likes
2

Hi there!

We detected that this may be a bug report, so we’ve moved your post to the Bug Reports category.

To help us investigate and fix this faster, could you edit your original post to include the details from the template below?

Bug Report Template - Click to expand

Where does the bug appear (feature/product)?

  • Cursor IDE
  • Cursor CLI
  • Background Agent (GitHub, Slack, Web, Linear)
  • BugBot
  • Somewhere else…

Describe the Bug
A clear and concise description of what the bug is.

Steps to Reproduce
How can you reproduce this bug? We have a much better chance at fixing issues if we can reproduce them!

Expected Behavior
What is meant to happen here that isn’t working correctly?

Screenshots / Screen Recordings
If applicable, attach images or videos (.jpg, .png, .gif, .mp4, .mov)

Operating System

  • Windows 10/11
  • MacOS
  • Linux

Version Information

  • For Cursor IDE: Menu → About Cursor → Copy
  • For Cursor CLI: Run agent about in your terminal
IDE:
Version: 2.xx.x
VSCode Version: 1.105.1
Commit: ......

CLI:
CLI Version 2026.01.17-d239e66

For AI issues: which model did you use?
Model name (e.g., Sonnet 4, Tab…)

For AI issues: add Request ID with privacy disabled
Request ID: f9a7046a-279b-47e5-ab48-6e8dc12daba1
For Background Agent issues, also post the ID: bc-…

Additional Information
Add any other context about the problem here.

Does this stop you from using Cursor?

  • Yes - Cursor is unusable
  • Sometimes - I can sometimes use Cursor
  • No - Cursor works, but with this issue

The more details you provide, the easier it is for us to reproduce and fix the issue. Thanks!

4

Since the last update (I’m not 100% sure), Cursor removed some files from my project (I am 100% sure). t happened very suddenly and unexpectedly - not when I asked to make a change. I can’t recall exactly what I was doing - maybe it was tab autocomplete, an undo operation, or rejecting a suggestion from Cursor. One second the file was there, and the next it was gone.

I asked Cursor to restore the file, and it did, but it wasn’t an exact copy of the deleted one. Then I opened the timeline and (luckily) found a version from before the deletion.

Usually, I always commit my files to git before asking Cursor to amend my code, but this time it happened during regular editing.

So the best advice is - commit often and push your commits to the remote!

5

Oh, I recall — I did reject the suggested changes, and then the file was deleted.

6

!!! IT DID IT AGAIN !!! But this time I was prepared )))

image
image770×856 82.8 KB

7

Not sure about “file protection”, but allowlist has been reliable for me. Cursor can only run approved commands or scripts. There are no file-deleting commands (bash or Powershell), and no arbitrary python / node executions either. No git commits - only read operations so that agent can check stuff around but not do any damage to system.

Allowlist blocks all CLI calls, even complex ones, if there’s any not allowed command in the chain. I think this is regex-based, so in general reliable. I often ran into issues of it blocking too much and not too little. Better safe than sorry.

8

I agree. I don’t have any commands on the allowlist (even ls or grep), so any action requires my confirmation. However, in this case, rejecting the suggested changes led to the entire file being deleted.

Since this has happened twice, it’s certainly a very severe bug in Cursor.