Comment by hasyimibhar
18 hours ago
I'm not familiar with Cursor, does it allow the agent to have access to run "curl -X POST" with no approval, i.e. a popup will show up asking you to approve/deny/always approve? AFAIK with Claude Code, this can only happen if you use something like "--dangerously-skip-permissions". I have never used this, I manually approve all commands my agent runs. Pretty insane that people are giving agents to do whatever it wants and trusting the guardrails will work 100% of the time.
Cursor's like Claude Code in this regard by default when executing external commands. But IIRC you can also click something like "Always Allow" and it'll stop asking.
Ok then it's definitely the author's fault for clicking "Always Allow". I don't even trust my agent to run grep without approval, let alone curl.