devin-cursorrules

The skill contains multiple tools that accept user-provided URLs and search queries without proper sanitization. The web_scraper.py tool accepts URLs directly from command line arguments and passes them to Playwright's page.goto() method. The search_engine.py tool accepts search queries that are passed directly to the DuckDuckGo API. While these don't enable direct shell injection, they create attack surfaces where malicious URLs could potentially exploit browser vulnerabilities or where crafted search queries could manipulate API behavior.

The llm_api.py tool accepts user-provided prompts and passes them directly to various LLM providers without establishing clear boundaries between the tool's intended function and user content. While the tool itself doesn't contain skill instructions that could be overridden, it creates a pathway for users to send arbitrary instructions to LLMs, potentially bypassing intended usage patterns when integrated into larger systems.

The load_environment() function searches for and loads environment variables from multiple .env files in order of precedence (.env.local, .env, .env.example). While this is contained within the project directory, the function prints all available system environment variables to stderr for debugging, which could expose sensitive system-level configuration.

The skill makes HTTP requests to multiple external services without declaring these network destinations in its metadata. It connects to OpenAI (api.openai.com), Azure OpenAI, DeepSeek (api.deepseek.com), SiliconFlow (api.siliconflow.cn), Anthropic, Google Gemini, DuckDuckGo search, and a hardcoded local IP address (192.168.180.137:8006). These external calls could be used to exfiltrate project data through API requests, search queries, or LLM prompts.

The skill declares an empty scope ({}) but contains substantial Python code files including LLM API clients, web scraping tools, screenshot utilities, and search engines. This represents a significant volume mismatch between the declared minimal scope and the actual extensive codebase. The skill appears to be a complete development toolkit rather than a simple rules file.

This skill appears to be named 'devin.cursorrules' suggesting it's a cursor rules file, but contains extensive Python tooling for LLM API access, web scraping, and screenshot capabilities. The scope includes multiple LLM providers (OpenAI, Anthropic, Google, Azure, DeepSeek, SiliconFlow), web browsing with Playwright, and search engine access. This is significantly broader than typical cursor rules which focus on coding standards and editor behavior.

The skill uses 'from duckduckgo_search import DDGS' in search_engine.py but does not declare duckduckgo_search as a dependency in its metadata. This creates an implicit dependency that bypasses user review of what packages will be installed.

The skill uses 'import html5lib' in web_scraper.py but does not declare html5lib as a dependency in its metadata. This creates an implicit dependency that bypasses user review of what packages will be installed.

The skill uses 'from dotenv import load_dotenv' in llm_api.py but does not declare python-dotenv as a dependency in its metadata. This creates an implicit dependency that bypasses user review of what packages will be installed.

The skill imports multiple LLM API packages (google.generativeai, openai, anthropic) in llm_api.py but does not declare these as dependencies in its metadata. This creates implicit dependencies that bypass user review of what packages will be installed.