From cursor-pack
Provides solutions to Cursor IDE pitfalls including AI Composer errors, context overflow, security gotchas, configuration issues, and team workflow problems.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cursor-pack:cursor-known-pitfalls
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Common Cursor IDE pitfalls and their solutions. Organized by category: AI behavior, security, configuration, performance, and team collaboration.
references/ai-feature-pitfalls.md
references/completion-pitfalls.md
references/configuration-pitfalls.md
references/errors.md
references/examples.md
references/performance-pitfalls.md
references/recovery-strategies.md
references/security-pitfalls.md
references/team-pitfalls.md
references/workflow-pitfalls.md
Problem: Clicking "Apply All" without reviewing diffs. Composer can generate code with wrong imports, hallucinated APIs, or logic errors.
Solution:
1. Click each file in the Changes panel to review its diff
2. Check imports: are they real packages in your project?
3. Check function calls: do the methods actually exist?
4. Run build after applying: npm run build
5. Run tests: npm test
6. Commit BEFORE running Composer (easy rollback with git checkout .)
Problem: Adding too many @Files, @Folders, and @Codebase references. The model silently drops information, leading to:
Solution:
- Use @Files (specific) over @Folders (broad) over @Codebase (broadest)
- Limit to 3-5 file references per prompt
- Start new chats for new topics
- Remove stale context pills by clicking X
Problem: Reusing a 20+ turn conversation for a new task. The conversation history fills context, leaving no room for your new request.
Solution: Cmd+N to start a new chat for each distinct task.
Problem: AI uses old APIs (React class components, Express 4 syntax, CommonJS require).
Solution: Pin versions in project rules:
# .cursor/rules/stack.mdc
---
description: "Tech stack versions"
globs: ""
alwaysApply: true
---
ALWAYS use these versions:
- React 19 with Server Components (NOT class components)
- Next.js 15 App Router (NOT Pages Router)
- TypeScript 5.7 strict (NOT any casts)
- ESM imports (NOT CommonJS require)
Problem: Tab suggests text you do not want, and you accidentally accept it while pressing Tab for indentation.
Solution:
- Esc to dismiss before pressing Tab for indentation
- Cmd+K Cmd+S > search acceptCursorTabSuggestion > assign different key
Problem: Copying an error message that includes an API key, database URL, or token and pasting it into Chat.
Solution:
NEVER paste:
- .env file contents
- Error logs containing credentials
- Database connection strings
- API response headers with auth tokens
INSTEAD:
- Redact secrets before pasting: "API key sk-...XXXX returned 401"
- Describe the error without the sensitive values
- Use @Files to reference the code, not copy-paste
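A redaction pass to run over error output before it goes into Chat, as an added example that is not part of the original skill. The regex rules and the sample log are constructed for illustration and will not catch every secret format.

```python
import re

# Rules for the secret shapes named in the list above. The patterns are
# assumptions for illustration; add your own providers' token formats.
RULES = [
    # user:password inside a connection string (postgres://, mongodb://, ...)
    (re.compile(r"\b([a-z][a-z0-9+.-]*://[^\s:/@]+):[^\s@/]+@", re.I),
     r"\1:[REDACTED]@"),
    # Authorization header values (Bearer / Basic / Token)
    (re.compile(r"\b(authorization\s*[:=]\s*(?:bearer|basic|token)\s+)\S+", re.I),
     r"\1[REDACTED]"),
    # .env-style assignments whose name looks sensitive
    (re.compile(r"^(\s*(?:export\s+)?\w*(?:KEY|TOKEN|SECRET|PASSWORD)\w*\s*=\s*).+$",
                re.I | re.M),
     r"\1[REDACTED]"),
    # sk-... style API keys anywhere in free text
    (re.compile(r"\bsk-[A-Za-z0-9_-]{8,}"), "sk-...[REDACTED]"),
]

# Constructed error output, not taken from any real system.
SAMPLE = """\
Error: connect ECONNREFUSED postgres://app:hunter2@db.internal:5432/orders
Request failed with 401, API key sk-test1234567890abcdef rejected
authorization: Bearer eyJhbGciOi.constructed.token
STRIPE_SECRET_KEY=sk-live-constructed-value
"""

def redact(text):
    """Return (redacted_text, number_of_replacements)."""
    total = 0
    for pattern, replacement in RULES:
        text, n = pattern.subn(replacement, text)
        total += n
    return text, total

if __name__ == "__main__":
    clean, count = redact(SAMPLE)
    print(clean, f"# {count} value(s) redacted")
```

A replacement count of zero does not prove the text is clean; read the output once before pasting.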
Problem: Without .cursorignore, sensitive files (.env, credentials, PII) may be included in AI context via @Codebase search or automatic context.
Solution: Create .cursorignore in every project:
.env*
**/secrets/
**/credentials/
**/*.pem
**/*.key
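A check for sensitive files that a project's .cursorignore does not cover, as an added example that is not part of cursor-pack. The matcher handles only the pattern shapes listed above, and the sensitive-name lists and the demo tree are constructed assumptions.

```python
import fnmatch
import tempfile
from pathlib import Path

# Names treated as sensitive (assumption), mirroring the patterns listed above.
SENSITIVE_GLOBS = (".env*", "*.pem", "*.key")
SENSITIVE_DIRS = {"secrets", "credentials"}

def is_ignored(rel_path, patterns):
    """Simplified matcher for this page's pattern shapes; no negation or anchoring."""
    parts = rel_path.split("/")
    for pat in patterns:
        core = pat[3:] if pat.startswith("**/") else pat
        # 'dir/' matches a parent directory; anything else globs any path component.
        names = parts[:-1] if core.endswith("/") else parts
        if any(fnmatch.fnmatchcase(n, core.rstrip("/")) for n in names):
            return True
    return False

def exposed_files(root):
    """Sensitive-looking files under root that .cursorignore does not cover."""
    ignore = Path(root) / ".cursorignore"
    text = ignore.read_text() if ignore.exists() else ""
    patterns = [l.strip() for l in text.splitlines() if l.strip() and not l.startswith("#")]
    exposed = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        parents = set(rel.split("/")[:-1])
        if not path.is_file() or parents & {".git", "node_modules"}:
            continue
        sensitive = parents & SENSITIVE_DIRS or any(
            fnmatch.fnmatchcase(path.name, g) for g in SENSITIVE_GLOBS)
        if sensitive and not is_ignored(rel, patterns):
            exposed.append(rel)
    return sorted(exposed)

def demo():
    """Constructed tree: a one-line .cursorignore first, then the full list above."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in (".env.local", "deploy/tls/server.pem", "config/secrets/db.json", "src/app.ts"):
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).touch()
        (Path(tmp) / ".cursorignore").write_text(".env*\n")
        before = exposed_files(tmp)
        (Path(tmp) / ".cursorignore").write_text(".env*\n**/secrets/\n**/credentials/\n**/*.pem\n**/*.key\n")
        return before, exposed_files(tmp)

if __name__ == "__main__":
    print(demo())
```

Run `exposed_files(".")` from a project root in CI and fail the job when the list is non-empty.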
Problem: Without Privacy Mode, code may be retained by model providers for training.
Solution:
Cursor Settings > General > Privacy Mode > ON
Problem: AI generates authentication, encryption, or authorization code that looks correct but has subtle vulnerabilities (timing attacks, SQL injection via string concatenation, missing CSRF protection).
Solution:
- Security-critical code ALWAYS needs human expert review
- Run SAST tools (Semgrep, Snyk) on AI-generated code
- Never deploy AI-generated auth code without penetration testing
- Add security rules in .cursor/rules/security.mdc
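Two of the flaws named above (SQL built by string concatenation, a secret comparison that leaks timing), each beside its hardened form, as an added example that is not part of the original skill. Python is used for brevity; the table, user, token and probe string are constructed.

```python
import hmac
import sqlite3

def make_db():
    """In-memory users table holding one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, api_token TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "constructed-token"))
    return db

def find_user_concat(db, name):
    # Reject in review: user input is concatenated into the SQL text.
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def find_user_param(db, name):
    # Hardened: the driver binds the value, so it is never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def token_ok_naive(stored, presented):
    # Reject in review: == can return at the first differing character,
    # so response time depends on how much of the token matched.
    return stored == presented

def token_ok_constant_time(stored, presented):
    # Hardened: comparison time does not depend on where the inputs differ.
    return hmac.compare_digest(stored.encode(), presented.encode())

def demo():
    db = make_db()
    probe = "nobody' OR '1'='1"   # constructed input containing a quote
    return {
        "concat": find_user_concat(db, probe),    # matches every row
        "param": find_user_param(db, probe),      # matches nothing
        "token": token_ok_constant_time("constructed-token", "constructed-token"),
    }

if __name__ == "__main__":
    print(demo())
```

Both token checks return the same booleans, so functional tests will not tell them apart; the difference only shows up in review or with a SAST rule.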
Problem: Without .cursor/rules/, the AI generates code without knowing your conventions, stack, or patterns. Result: inconsistent code that does not match your project.
Solution: Create at minimum:
- project.mdc (stack, conventions, alwaysApply: true)
- security.mdc (security constraints, alwaysApply: true)
Problem: Multiple .mdc rules with contradictory instructions (one says "use classes", another says "use functions").
Solution:
- Use @Cursor Rules in Chat to see which rules are active for a given file
Problem: GitHub Copilot + Cursor Tab both enabled. Double ghost text, conflicting suggestions, UI glitches.
Solution: Disable all other inline completion extensions:
Only one inline completion provider should be active.
Problem: Opening a monorepo root with 200K files. Indexing takes hours, @Codebase returns noise, editor is sluggish.
Solution: Open specific packages: cursor packages/api/
Problem: Cursor watches every file for changes, including node_modules/, dist/, and .git/objects/. Causes high CPU and memory.
Solution:
// settings.json
{
  "files.watcherExclude": {
    "**/node_modules/**": true,
    "**/.git/objects/**": true,
    "**/dist/**": true,
    "**/build/**": true
  }
}
Problem: Running Cursor for weeks with dozens of open chat tabs. Memory grows, editor slows.
Solution: Close old chat tabs. Start new conversations. Restart Cursor weekly during heavy use.
Problem: .cursor/rules/ not committed to git. Each developer has different (or no) AI behavior rules.
Solution: Commit .cursor/rules/ and .cursorignore to git. PR-review rule changes like any other configuration.
Problem: Developers commit AI-generated code without review. Bugs, wrong patterns, and security issues reach main branch.
Solution:
Problem: Some developers use Opus for everything (consuming quota fast), others use cursor-small (poor quality).
Solution:
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin cursor-pack