wouldn't the attack vector be like this:
I find a github repo, I want to contribute to it. I clone it, open up cursor, make an edit, commit, and boom, I am infected.
From my reading, boom happens at "open up cursor".
you would only need to open it to be exploited, not edit or prompt. Allegedly
From my reading, boom happens at "open up cursor".