When I saw this, the question which immediately came to mind was:
Who would turn loose arbitrary commands (content) generated by an LLM onto their filesystem?
Then I saw the installation instructions, which are:
curl https://cursor.com/install -fsS | bash
And it made sense.
Only those comfortable with installing software by downloading shell commands from an arbitrary remote web site and immediately executing them would use it.
So what then is the risk of running arbitrary file system modifications generated from a program installed via arbitrary shell commands? None more than what was accepted in order to install it.
Both are opaque, unreviewed, and susceptible to various well-known attacks (such as a supply chain attack[0]).
0 - https://en.wikipedia.org/wiki/Supply_chain_attack