.cursorignore ignored for command prompt functions

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Love the product, but it’s definitely a bug when the AI blatantly asks you to run commands like “echo .env” when it sees .env is in .cursorignore. It even tells you it does so specifically to circumvent the .cursorignore.

This should not be the case, even if it asks you explicitly when you’ve not whitelisted the command. The .cursorignore file exists for a reason, which is to protect your sensitive files from the world. Users should be protected from this in a hard-coded and non-circumventable way, so that the IDE can be used securely.

Steps to Reproduce

Put a file in .cursorignore and try to write a script that uses it.

Expected Behavior

Everything in .cursorignore should be treated as non-existent and should be prevented from being printed.

Operating System

Windows 10/11

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.3.29 (user setup)
VSCode Version: 1.105.1
Commit: 4ca9b38c6c97d4243bf0c61e51426667cb964bd0
Date: 2026-01-08T00:34:49.798Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Windows_NT x64 10.0.26200

For AI issues: which model did you use?

Sonnet 4.5 and Opus 4.5

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, thanks for the detailed report.

This is a known limitation. .cursorignore blocks access for Tab, Agent, Inline Edit, and @ mentions, but it can’t block terminal commands. This is stated directly in the docs:

“The terminal and MCP server tools used by Agent cannot block access to code governed by .cursorignore”

Recommendations to protect sensitive data:

  1. Don’t add commands like cat, head, sed, echo, Get-Content to the allowlist for projects with sensitive data
  2. Keep “Ask Every Time” enabled so every terminal command requires your approval
  3. Use the Agent Tools settings to control this: https://cursor.com/docs/agent/tools

Relevant docs:

The ideal behavior is that the LLM shouldn’t even try to read ignored files via the terminal. I’ll pass this along as feedback to the team.

Thank you for pointing me to the docs and forwarding it to the team. I don’t add commands to the allowlist by default, but that’s just me.

My guess is that this is something that should be managed in the system prompt/context or manually filtered out as a security by design feature.

Cheers.
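
An added example, not part of the thread and not Cursor's code: a pre-approval check in the spirit of the filtering suggested above, which flags a proposed terminal command that names a file covered by .cursorignore and lists allowlist entries that can print file contents. The function names are hypothetical, and the pattern matching is a simplified fnmatch approximation that assumes gitignore-style rules.

```python
import fnmatch
import posixpath
import shlex

# Commands the staff reply advises keeping off the allowlist.
READERS = {"cat", "head", "sed", "echo", "get-content"}

def load_patterns(text):
    """Parse ignore-file text. Assumption: gitignore-style lines. '!' negations
    are dropped, which only makes the guard stricter."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith(("#", "!"))]

def is_ignored(path, patterns):
    """Simplified matching: a pattern hits the whole path or any path component."""
    path = posixpath.normpath(path.replace("\\", "/"))
    for pat in (p.rstrip("/") for p in patterns):
        if fnmatch.fnmatchcase(path, pat):
            return True
        if any(fnmatch.fnmatchcase(part, pat) for part in path.split("/")):
            return True
    return False

def risky_allowlist(allowlist):
    """Allowlisted commands that can print file contents without a prompt."""
    return [c for c in allowlist if c.lower() in READERS]

def review_command(command, patterns, workspace_files):
    """Ignored workspace files that a proposed command names, directly or by glob."""
    ignored = [f.replace("\\", "/") for f in workspace_files if is_ignored(f, patterns)]
    try:
        tokens = shlex.split(command, posix=False)  # keeps Windows backslashes
    except ValueError:                              # unbalanced quotes
        tokens = command.split()
    hits = set()
    for tok in tokens:
        tok = posixpath.normpath(tok.strip("\"'").replace("\\", "/"))
        hits.update(f for f in ignored if fnmatch.fnmatchcase(f, tok))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample workspace and ignore file, for illustration only.
    pats = load_patterns(".env\nsecrets/\n*.pem\n")
    files = [".env", "src/app.py", "secrets/db.txt", "certs/site.pem"]
    for cmd in ["Get-Content .\\.env", "cat ./sec*/db.txt", "python src/app.py"]:
        print(cmd, "->", review_command(cmd, pats, files) or "ok")
    print(risky_allowlist(["git", "Get-Content", "cat"]))
```

A token-level check like this only informs the approval decision; it does not see files read indirectly by a script the command runs, so it complements "Ask Every Time" and does not replace it.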
