agentic ide

A sandbox bypass in Cursor's agentic mode lets attackers poison shell environment variables through implicitly trusted built-ins, converting approved commands like git branch or python3 into arbitrary code execution.