This one's subtle, which makes it worse.

A developer was using Cursor's Composer agent (model v2) to work on a project running on a remote Raspberry Pi over SSH. At some point, the agent decided to tidy up the Git state and ran git stash push -u.

The -u flag tells Git to stash untracked files too. What most developers don't internalize is that "stash untracked" means "remove untracked files from the working tree." Git doesn't copy them somewhere safe first — it moves them into the stash object and deletes them from disk.

The untracked files in question? Credential files and runtime configuration that the project needed to function. Gone from the filesystem. Technically recoverable from the Git stash, but only if you know what happened and act fast.

The developer filed a detailed bug report on Cursor's forum, complete with OS version (Windows 10/11), Cursor version (2.6.19), and the exact command the agent executed. The specificity of the report makes it clear: this wasn't user error. The agent chose the command. The agent had SSH access. The agent didn't understand that -u on a remote host is a footgun.

The lesson: Git commands that are "safe" in a local dev context become destructive when an agent runs them on a remote production-adjacent system. The agent doesn't know where it is.