Overview

• Oasis Security showed that a .vscode/tasks.json configured to run on folder open can execute code as soon as a project is opened in Cursor.
• Anysphere, Cursor’s developer, says it will retain the autorun behavior and plans updated security guidance on enabling Workspace Trust.
• Researchers warn the technique can steal tokens and credentials, modify files, plant malware, and enable supply‑chain pivots from developer machines.
• Visual Studio Code is not affected in its default configuration because it does not auto‑run such tasks without explicit trust.
• Recommended defenses include enabling Workspace Trust, turning off automatic tasks (task.allowAutomaticTasks: "off"), and opening unknown repositories in isolated environments.