Guard
Dashboard
Redacted warning

Cursor was stopped before following a hidden instruction

A redacted example of a prompt injection via a file comment.

Stop this locallyProtect a team
Redacted for safety: no raw prompt, local path, secret, or private workspace detail is shown.

What tried to happen: Cursor attempted to run a shell command after reading a hidden instruction in a file.

Why risky: The instruction was embedded in an HTML comment invisible to the developer.

What Guard did: HOL Guard paused the command and showed the source of the instruction.

Safe next step

Review file contents that contain HTML comments or zero-width characters before letting agents act.

Prompt injectioncursor guidePrompt injection replayInstall HOL GuardProtect your team