Dot env files are being read by the agent

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

I am sure that I read somewhere that Cursor does not read or index git-ignored files, especially .env secret files. But I found my agent just read it in one request.

Steps to Reproduce

  • I just used the gpt-5.3-codex-spark-preview-low model in Ask mode over my codebase
  • Ask it a question
  • It shows that it has read my .env file in the agent activity

Expected Behavior

  • It should not read dot env files as they are gitignored; these are confidential files

Operating System

MacOS

Version Information

Version: 2.5.26 (Universal)
VSCode Version: 1.105.1
Commit: 7d96c2a03bb088ad367615e9da1a3fe20fbbc6a0
Date: 2026-02-26T04:57:56.825Z
Build Type: Stable
Release Track: Default
Electron: 39.4.0
Chromium: 142.0.7444.265
Node.js: 22.22.0
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.2.0

For AI issues: which model did you use?

gpt-5.3-codex-spark-preview-low

For AI issues: add Request ID with privacy disabled

Request ID: d7ee7974-bf7a-452e-8058-e7e9c2f25ffa

Additional Information

I am an enterprise team user on the legacy plan of 500 requests per month.

Does this stop you from using Cursor

No - Cursor works, but with this issue

I also had this thought before that; in the end, I convinced myself that it was only able to read the name of the secret and not the secret itself. For example: there is ANTHROPIC_API_KEY=123456789, and the agent only read ANTHROPIC_API_KEY=********* to maybe verify it's in there.

Hello!

You can add .env files to your .cursorignore to exclude them (docs).

These files were previously ignored by default. There was an intentional change in 2.5 to remove the former defaults.

The global ignore list is now empty by default to fix sandboxing issues

Note that files listed in .gitignore are excluded from indexing but can still be seen and edited by the agent.
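
An audit for the situation described in this thread, as an added example that is not part of the original posts or Cursor's own code: it lists `.env`-style files that git does not track and that no pattern in the root `.cursorignore` covers. It assumes `.cursorignore` uses `.gitignore` pattern syntax, so git's own matcher can evaluate it; the function names and the sample repository are constructed.

```shell
#!/bin/sh
# Added example, not Cursor's code.
# Assumption: .cursorignore uses .gitignore pattern syntax.

# unprotected_env_files DIR   (hypothetical helper name)
# Prints each untracked .env / .env.<suffix> file under DIR that is not
# matched by DIR/.cursorignore, one path per line.
unprotected_env_files() {
    (
        cd "$1" || exit 2
        git rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
            echo "not a git work tree: $1" >&2
            exit 2
        }
        # --others without --exclude-standard lists every untracked file,
        # including the ones .gitignore hides. --exclude-from then drops
        # only what .cursorignore matches.
        if [ -f .cursorignore ]; then
            git ls-files --others --exclude-from=.cursorignore
        else
            git ls-files --others
        fi | grep -E '(^|/)\.env(\.[^/]*)?$' | LC_ALL=C sort || true
    )
}

# Constructed sample: a throwaway repo whose env files are gitignored only.
demo_repo() {
    d=$(mktemp -d) || return 1
    git init -q "$d" || return 1
    mkdir -p "$d/api"
    printf 'EXAMPLE_KEY=constructed-value\n' > "$d/.env"
    printf 'EXAMPLE_KEY=constructed-value\n' > "$d/api/.env.local"
    printf '.env\n.env.*\n' > "$d/.gitignore"
    printf '%s\n' "$d"
}

# Stand-alone run: both files are reported, because .gitignore alone
# does not add them to .cursorignore.
repo=$(demo_repo) && unprotected_env_files "$repo"
rm -rf "$repo"
```

Any path it prints is a candidate for a `.cursorignore` entry; a non-empty result can also fail a pre-commit or CI step.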