Critical Security Bug: AI Agent Deletes Files Despite Delete File Protection Being Enabled

[Turkmen87]

Bug Description

The AI Agent is able to delete files even when "Delete File Protection" is enabled in settings. This is a critical security issue that can lead to irreversible data loss.

Steps to Reproduce

1. Enable "Delete File Protection" in Cursor settings
2. Ask the AI to modify multiple files
3. Observe that the AI deletes existing files and attempts to recreate them, instead of modifying them in place
4. Files are permanently deleted despite Delete File Protection being enabled

Expected Behavior

• When Delete File Protection is enabled, the AI should not be able to delete any files
• AI should modify files in place instead of using delete-and-recreate approach
• Any file deletion attempt should be blocked
• User should be warned about any deletion attempts

Actual Behavior

• AI can delete files even with Delete File Protection enabled
• No warning or confirmation is shown before deletion
• Multiple files can be deleted in batch
• Deleted files cannot be recovered
• AI uses a delete-and-recreate approach instead of in-place modification

Impact

• Permanent loss of user code and data
• Project integrity compromise
• Loss of work progress
• No way to recover deleted files if not previously committed to version control

Environment

• Cursor IDE
• Delete File Protection: Enabled
• MCP Tools Protection: Disabled

Additional Notes

This is a critical security issue as it bypasses an explicit security setting meant to prevent file deletion. The AI should respect the Delete File Protection setting and never delete files when this protection is enabled.

Severity

Critical - Data loss security issue

Suggested Fix

1. Enforce Delete File Protection at the system level
2. Prevent AI from using delete-and-recreate approach when modifying files
3. Add confirmation dialogs for any file modification operations
4. Implement file operation logging
5. Add recovery mechanism for modified files