Why it matters
Report on two Cursor vulnerabilities where prompt-controlled behavior could bypass the editor sandbox and run commands on a developer machine. The important angle is that prompt injection becomes an application-isolation failure once an AI coding tool can inspect projects, invoke commands, and act inside a local workspace.
My takeaway: AI developer tools need real sandbox boundaries, command allowlists, and regression tests for prompt-to-command paths. Prompt wording is not a security boundary when the tool can execute local actions.
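A minimal sketch of the allowlist-plus-regression-test idea from the takeaway above, as an added example that is not code from the report or from Cursor. The policy tables, the `gate` and `regressions` names, the workspace path and the test cases are all hypothetical and constructed for illustration. A gate like this complements an OS-level sandbox rather than replacing it.

```python
import shlex
from pathlib import Path

# Assumed policy (hypothetical): executable -> permitted subcommands (None = none required).
ALLOWLIST = {"git": {"status", "diff", "log"}, "ls": None, "cat": None}
ALLOWED_FLAGS = {"-l", "-a", "--stat", "--oneline"}
# Shell-only syntax; the gate never invokes a shell, so any of it is grounds to deny.
SHELL_META = set(";&|`$<>(){}\\\n")


def gate(command, workspace):
    """Return argv for subprocess.run(argv, shell=False, cwd=workspace), or None to deny."""
    if any(ch in SHELL_META for ch in command):
        return None
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWLIST:  # exact names only: no ./git, no /tmp/ls
        return None
    subs = ALLOWLIST[argv[0]]
    if subs is not None and (len(argv) < 2 or argv[1] not in subs):
        return None
    root = Path(workspace).resolve()
    for arg in argv[1:]:
        if arg.startswith("-"):
            if arg not in ALLOWED_FLAGS:
                return None
            continue
        target = (root / arg).resolve()  # absolute args replace root, so they fail below
        if target != root and root not in target.parents:
            return None
    return argv


# Constructed regression cases: (command as proposed by the model, should it be allowed?)
CASES = [
    ("git status", True),
    ("cat src/main.py", True),
    ("git log --oneline", True),
    ("git status && id", False),            # command chaining
    ("cat ../../etc/passwd", False),        # path escapes the workspace
    ("git -c core.pager=less log", False),  # option smuggled before the subcommand
    ("bash -c id", False),                  # executable not on the list
    ("cat 'unterminated", False),           # malformed quoting
]


def regressions(workspace="/srv/example-workspace"):
    """Return the cases whose gate decision differs from the expected one."""
    return [c for c, ok in CASES if (gate(c, workspace) is not None) != ok]
```

Running `regressions()` in CI and failing the build on a non-empty result turns each prompt-to-command bypass into a permanent test case once it is added to `CASES`.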