How do I use InjectShield with Cursor agents?

Question

Accepted Answer

Cursor's Agent mode (2025+) executes autonomous coding tasks — reading repo files, running terminal commands, fetching docs, editing code. The threat model is identical to Claude Code: every file, web page, tool output, and stdout line is an OWASP LLM01 indirect-injection vector that can hijack the agent. Cursor supports MCP servers natively, so InjectShield drops in via the same `@injectshield/mcp` package used for Claude Code. In `~/.cursor/mcp.json`: ```json { "mcpServers": { "injectshield": { "command": "npx", "args": ["-y", "@injectshield/mcp"], "env": { "INJECTSHIELD_API_KEY": "isk_..." } } } } ``` Then add a Cursor Rule (`.cursor/rules/injectshield.mdc`) instructing the agent to call `injectshield.classify_input` on every file read, terminal output, and fetched URL before acting. Block or escalate on `injection` / `suspicious` verdicts. For teams, point Cursor at a shared InjectShield workspace API key so all engineers' verdicts roll up to one dashboard. This gives security teams visibility into adversarial content reaching AI dev tooling, which most orgs currently have zero observability on. Reference rule template and walkthrough at injectshield.dev/docs/cursor.