agent-orchestrator/packages/plugins/agent-cursor
harshitsinghbhandari 8f43006472 fix(agent-cursor): use printf %s pattern to prevent shell injection
Fix shell injection vulnerability when combining systemPromptFile with
prompt. The prompt could contain shell metacharacters ($(), backticks)
that would be executed inside the double-quoted string.

Now uses the exact same pattern as OpenCode:
  "$(cat 'file'; printf '\n\n'; printf %s 'prompt')"

The shellEscape wraps prompt in single quotes (no shell expansion),
and printf %s outputs it literally without interpretation.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-10 12:34:07 +05:30
..
src fix(agent-cursor): use printf %s pattern to prevent shell injection 2026-04-10 12:34:07 +05:30
package.json fix: merge upstream main and resolve conflicts for cursor agent 2026-04-10 11:48:27 +05:30
tsconfig.json feat: add Cursor agent CLI support (#1060) 2026-04-09 18:51:33 +05:30