Cursor Agent ran rmdir /s /q on Windows and deleted my user profile
I’m posting this as a warning. I’m done with Cursor after this.
I was using Agent mode on Windows for a normal dev task: revert a small change by removing a subfolder in a repo. I did not ask to delete my user folder, Desktop, Documents, or anything outside the project.
The agent ran cmd /c rmdir /s /q with a path that included spaces. The quoting/path was wrong. From the terminal output it looked like it was walking C:\ with lots of “Access denied” on system paths, but enough under C:\Users\<me> was deleted that the damagewas catastrophic.
I'm aware I should have created better guardrails myself but this should not happen so easily. The fact that such command was ran without double checking or warning of any kind is concerning for a company that produces software.