Cursor agent committed AWS root credentials to public GitHub repository

Developer asked Cursor to commit and push a refactor. The agent did not verify the .gitignore was correctly excluding the .env file. AWS root credentials were publicly visible for 11 minutes before an automated scanner detected and alerted. Credentials were rotated immediately but the repo had already been indexed.