Cursor used to just work inside the workspace, but now it is scanning my entire hard drive when asked to do tasks. I don’t know how to revoke permission for this. It seems especially concerning when seeing that others had their entire hard drive wiped. Has anyone else had this issue?
I wanted the AI to coordinate across multiple repos so I enabled multitask mode and opened my dev folder (~/Users//dev) in Cursor. At first it just looked inside the folder, but now it seems to be searching my entire hard drive like “Searched **/build/SKILL.md in ” and it’s asking for permission to read data across other apps, as well as access to my Documents, Downloads, etc folders. It’s possible the permissions come from the upstream VS Code bug ( Caught cursor scanning my entire disk, what is going on? - #3 by sualeh ) , though I’d imagine scanning my whole disk would also cause this.
I couldn’t find anything in the settings aside from “index new folders in the workspace” which doesn’t seem relevant. Does anyone know how to disable it?
I’m using an M1 MBP on Sequoia 15.1.1, but I don’t think this is hardware related.
Totally understand why this is unsettling. The key thing: what you’re seeing is a file search (the agent looking for matching file names like SKILL.md), not deletion or upload. It doesn’t open or send the contents of your Documents or Downloads unless the agent explicitly reads a specific file, so a search like this can’t wipe anything. That’s very different from the destructive terminal-command cases you may have read about.
The macOS prompts (“access your Documents/Downloads”, “data from other apps”) are macOS itself guarding those folders. You can safely click Don’t Allow without affecting your project work.
Why it happens: agents can read anywhere your user account can, so opening a broad top-level folder like ~/dev (and asking it to work across repos) lets its file search walk outward from there. The “index new folders in the workspace” toggle only affects codebase indexing, which is why it had no effect here.
To lock it down:
- Open the specific project folder(s) you’re working in instead of the top-level
~/dev. This scopes the agent’s searches and is the biggest lever.
- Revoke OS access: in System Settings > Privacy & Security > Files and Folders, turn Cursor off for Documents/Downloads/etc., and leave Cursor out of Full Disk Access. macOS then blocks those folders outright. (I’d avoid turning Full Disk Access on, since that would let Cursor read everything and just hide the prompts.)
- For sensitive files inside your workspace, add them to a
.cursorignore file. Background on how agent file access works and how to constrain it: LLM safety and controls.
A built-in control to keep the agent inside the project is something others have asked for too. You can follow and add your voice here: restrict agent file access outside the project. We track posts like that to help prioritize.
Let me know if scoping the workspace and the OS settings sort it out!