Fake Sentry issues may trick coding agents into unsafe installs
A post in r/cursor describes an attack in which fake error logs create fake Sentry issues for coding agents to fix. The post says such an issue can be written like a set of instructions that tells the agent to run a malicious npm package. In the described case, the agent noticed a typosquat and refused to install it.
Key points
- The post says Sentry issues should be treated as untrusted outside input.
- A fake issue can be written to look like a repair guide or diagnostic step.
- The suggested “fix” may be a malicious npm package with a typosquat name.
- The agent caught the suspicious package in the described case, but the author says that should not be the main defense.
- A commenter suggests using repo-owned scripts for diagnostics and requiring separate approval for new packages.
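One way to enforce the separate-approval idea from the last key point, as an added example that is not code from the post: a command taken from issue text is parsed, and each package is checked against the dependencies the repo already declares. The `DECLARED` list, the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```javascript
// Constructed sample: dependencies the repo already declares in package.json.
const DECLARED = ["express", "lodash", "@sentry/node"];

// Levenshtein edit distance, computed row by row.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Extract package names from an npm/npx command found in untrusted issue text.
function packagesInCommand(command) {
  const [tool, ...rest] = command.trim().split(/\s+/);
  const args = rest.filter((t) => !t.startsWith("-"));
  let names = [];
  if (tool === "npm" && ["install", "i", "add"].includes(args[0])) {
    names = args.slice(1);
  } else if (tool === "npx" && args.length > 0) {
    names = [args[0]]; // npx fetches and runs the first non-flag argument
  }
  // Drop a trailing @version but keep a leading @scope.
  return names.map((n) => n.replace(/(?!^)@[^/@]*$/, ""));
}

// Verdict per package: only "declared" may proceed without a human decision.
// Threshold 2 is an assumed heuristic; it errs toward flagging.
function reviewInstallRequest(command, declared = DECLARED) {
  return packagesInCommand(command).map((name) => {
    if (declared.includes(name)) return { name, verdict: "declared" };
    const near = declared.find((d) => editDistance(name, d) <= 2);
    return near
      ? { name, verdict: "typosquat-suspect", resembles: near }
      : { name, verdict: "needs-approval" };
  });
}

// Constructed command, as it might appear in a fake issue's "fix" steps.
console.log(reviewInstallRequest("npm install expresss lodash@4.17.21 left-pad"));
```

Anything other than `declared` is held for a person to approve, so the gate does not depend on the agent spotting the look-alike name itself.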
Quick term guide
- r/cursor: A Reddit community focused on Cursor.
- coding agents: AI programs designed to autonomously perform tasks like writing or fixing code.
- coding agent: An AI tool that writes or edits code from a person’s instructions.
- npm package: A bundle of JavaScript code that a project can install and use.
- typosquat: A fake name that looks almost like a trusted name.
- Solo makers: People who build and launch their own products or services entirely on their own.
- commands: Instructions given to a computer or tool to do a specific task.
- packages: Bundles of outside code that developers add to a project to save time.