A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it's opened.