Cursor runs not allowed commands!

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Hello. I have sandbox mode enabled and the allow only from sandbox mode for commands, and there is nothing related to git there — yet it performed checkout, add, commit, push, and so on during the conversation without permission! Moreover, the rules explicitly state not to use these commands.

Another issue is that if echo is allowed but rm is not, the AI invents ways to delete a file using commands like echo "" > file.txt, and so on.

When can these problems be resolved?

Steps to Reproduce

It just does it by itself.

Operating System

MacOS

Version Information

Version: 2.5.17
VSCode Version: 1.105.1
Commit: 7b98dcb824ea96c9c62362a5e80dbf0d1aae4770
Date: 2026-02-17T05:58:33.110Z
Build Type: Stable
Release Track: Default
Electron: 39.3.0
Chromium: 142.0.7444.265
Node.js: 22.21.1
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.2.0

For AI issues: which model did you use?

Sonnet 4.6

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey there.

The allowlist is for commands that run outside of the Sandbox. Within the sandbox, just about anything can run.

You might be interested in enforcement hooks, or adjusting your sandbox configuration so that git push won’t have the network access to run in the sandbox (see Auto-Run Network Access).

Would also be curious to see how your rules are set up!
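
An added example (not part of the thread, and not Cursor's own code or hook format) of why a command-name allowlist misses both cases raised above: an allowlisted echo can still empty a file through redirection, and a git entry says nothing about which subcommand runs. The policy sets and the evaluate() function are hypothetical names chosen for this sketch; a check of this kind could sit behind an enforcement hook.

```python
import shlex

# Constructed policy for illustration; not Cursor's configuration format.
ALLOWED = {"echo", "ls", "cat", "git"}
DENIED_ARGS = {"git": {"checkout", "add", "commit", "push"}}
CONTROL_OPS = {";", "&&", "||", "|"}
PUNCT = set("();<>|&")


def tokenize(command):
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""  # keep '#' visible instead of hiding the rest of the line
    return list(lexer)


def check_segment(words):
    prog = words[0]
    if prog not in ALLOWED:
        return False, f"{prog} is not on the allowlist"
    blocked = DENIED_ARGS.get(prog, set()) & set(words[1:])
    if blocked:
        return False, f"{prog} {sorted(blocked)[0]} is denied"
    return True, "ok"


def evaluate(command):
    """Return (allowed, reason); anything not understood is denied."""
    if "$(" in command or "`" in command or "\n" in command:
        return False, "substitution or multi-line input"
    try:
        tokens = tokenize(command)
    except ValueError:
        return False, "unparseable command"
    segment = []
    for tok in tokens + [";"]:
        if tok in CONTROL_OPS:
            if segment:
                ok, reason = check_segment(segment)
                if not ok:
                    return False, reason
            segment = []
        elif tok and set(tok) <= PUNCT:
            # Also hit by a quoted ">" argument: a deliberate false positive.
            kind = "redirection can overwrite files" if ">" in tok else "unsupported operator"
            return False, kind
        else:
            segment.append(tok)
    return True, "ok"
```

A string-level check like this is a second layer only; the sandbox's own file and network restrictions remain the boundary that holds when the parser is wrong.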