To understand what’s actually happening, could you please clarify a couple of things:
Did the agent actually call a tool like read_file on a path outside your workspace? Or did it just suggest or mention that path in the reply?
Does the path from option B (/front/mock/_config.js) actually exist on your file system inside another project’s folder?
Can you share the full chat so far, especially what you asked about the config file?
Also, the Request ID would help so we can check this on the backend. You can copy it from the chat menu (three dots in the top right of the chat) then Copy Request ID.
This will help us figure out whether the agent is really trying to access files outside the workspace, or if the model is hallucinating or pulling context from somewhere it shouldn’t.
It seems I understand what was happening. I provided that absolute path in my message. That file should be used as an example, but Cursor (AI) tried to add it into the project.
As the resolution, I suppose there should be some guard which should always ask: I am trying to read from outside the project’s directory: allow, deny, always allow, always deny, etc.
The “solved” mark was because we found the root cause. The agent followed the absolute path you shared in your message instead of reading files on its own.
About the guard you suggested, there’s already a setting called External File Protection. It adds a confirmation prompt when the agent tries to edit files outside the workspace. You can check if it’s enabled in Cursor Settings > Agents. You can also use a .cursorignore file in your project root to block agent access to specific paths.
That said, the current protection mainly covers edits and file creation. Reading files outside the workspace is less restricted. The team knows this could be better. I can’t share a timeline, but reports like yours help us prioritize.
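A sketch of the kind of read guard proposed in this thread, as an added example that is not Cursor's code and not part of the original posts. The `WorkspaceGuard` class, the `ask` callback and the directory layout are hypothetical; the point is that containment is checked on the resolved path, so `..` segments and symlinks inside the workspace cannot sidestep the prompt.

```python
import os
import tempfile
from pathlib import Path

class WorkspaceGuard:
    """Hypothetical read guard for agent file tools (illustrative, not Cursor's code)."""

    def __init__(self, workspace, ask):
        self.root = Path(workspace).resolve()
        self.ask = ask        # callback(path) -> "allow" | "deny" | "always allow" | "always deny"
        self.remembered = {}  # external directory -> bool, set by "always ..." answers

    def resolve(self, path):
        # Joining keeps absolute paths as-is; resolve() collapses ".." and follows
        # symlinks, so a link inside the workspace that points out counts as external.
        return (self.root / path).resolve()

    def is_inside(self, path):
        target = self.resolve(path)
        return target == self.root or self.root in target.parents

    def may_read(self, path):
        if self.is_inside(path):
            return True
        target = self.resolve(path)
        for directory, allowed in self.remembered.items():
            if directory in target.parents:
                return allowed            # earlier "always ..." answer, no new prompt
        answer = self.ask(target)
        if answer.startswith("always"):
            self.remembered[target.parent] = (answer == "always allow")
        return answer in ("allow", "always allow")

def demo():
    # Constructed layout: a workspace and a sibling project holding the example file.
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp, "my-project")
        other = Path(tmp, "other-project", "front", "mock")
        ws.mkdir()
        other.mkdir(parents=True)
        (other / "_config.js").write_text("// constructed sample\n")
        os.symlink(other, ws / "linked")   # symlink that leaves the workspace
        prompts = []
        guard = WorkspaceGuard(ws, lambda p: prompts.append(p) or "always deny")
        paths = ["src/app.js", other / "_config.js", "linked/_config.js",
                 "../other-project/front/mock/_config.js"]
        return [guard.may_read(p) for p in paths], len(prompts)

if __name__ == "__main__":
    print(demo())
```

The three external spellings (absolute path, symlink, `..` traversal) resolve to the same file, so the user is asked once and the "always deny" answer covers the rest.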