
Content security scanning for prompt files (hidden Unicode detection) #312

@danielmeppiel

Description


Problem

Shared prompt and instruction files (.cursorrules, .github/prompts/, etc.) are becoming a de facto supply chain — but without any integrity guarantees. Researchers found that 6 of 50 popular shared .cursorrules files contained hidden zero-width Unicode characters embedded between visible text.

These characters are invisible to humans but LLMs tokenize them individually, meaning models can process instructions developers cannot see. Some had patterns consistent with deliberate instruction embedding using Unicode tag characters (U+E0001–U+E007F), which map 1:1 to invisible ASCII.

This is not a Cursor-specific issue — it affects any tool that consumes community-shared prompt files.

Solution

APM should scan for hidden Unicode characters in prompt files, both at install time and on demand — positioned as "npm audit for AI prompts."

Requirements

  1. apm audit command — scan installed packages for hidden characters
  2. apm audit --file — scan arbitrary files (gateway feature for non-APM users)
  3. apm audit --fix — auto-strip non-critical characters
  4. Install-time scanning — apm install surfaces findings in diagnostics
  5. Severity levels — critical (tag chars, bidi overrides), warning (zero-width), info (unusual whitespace)
  6. Exit codes — 0 clean, 1 critical, 2 warnings (CI-friendly)

Characters to detect

| Severity | Range | Risk |
|---|---|---|
| Critical | U+E0001–E007F (tag characters) | Invisible ASCII mapping — no legitimate use |
| Critical | U+202A–E, U+2066–9 (bidi overrides) | Text direction manipulation |
| Warning | U+200B–D (zero-width chars) | Copy-paste debris or intentional hiding |
| Info | U+00A0, U+2000–200A (unusual whitespace) | Mostly harmless |
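A reference scanner for the ranges, severities and exit codes listed above, added here as an illustration and not APM's own implementation. The handling of info-level whitespace in `strip_noncritical` and the exit code for info-only files are assumptions; the sample text is constructed.

```python
import unicodedata

# Code point ranges from the issue's "Characters to detect" table (inclusive).
RANGES = {
    "critical": [(0xE0001, 0xE007F),  # tag characters: invisible ASCII mapping
                 (0x202A, 0x202E),    # bidi embeddings and overrides
                 (0x2066, 0x2069)],   # bidi isolates
    "warning": [(0x200B, 0x200D)],    # zero-width space, non-joiner, joiner
    "info": [(0x00A0, 0x00A0),        # no-break space
             (0x2000, 0x200A)],       # en quad .. hair space
}

def classify(ch):
    """Severity of one character, or None if it is not on the watch list."""
    cp = ord(ch)
    for severity, ranges in RANGES.items():
        if any(lo <= cp <= hi for lo, hi in ranges):
            return severity
    return None

def scan_text(text):
    """Return findings as (line, column, 'U+XXXX', severity, unicode name) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            sev = classify(ch)
            if sev:
                findings.append((lineno, col, f"U+{ord(ch):04X}", sev,
                                 unicodedata.name(ch, "UNKNOWN")))
    return findings

def exit_code(findings):
    """The issue's CI contract: 0 clean, 1 critical, 2 warnings (info-only exits 0: assumption)."""
    sevs = {sev for _, _, _, sev, _ in findings}
    return 1 if "critical" in sevs else 2 if "warning" in sevs else 0

def strip_noncritical(text):
    """The --fix step: drop warning-level chars, turn info-level whitespace into a plain
    space, and leave critical chars in place so a human reviews them (assumption)."""
    return "".join(" " if classify(ch) == "info" else ch
                   for ch in text if classify(ch) != "warning")

# Constructed sample: a tag-character pair, a zero-width space and a no-break space.
SAMPLE = ("Always run tests.\U000E0041\U000E0042\n"
          "Prefer\u200bsmall commits.\n"
          "Use\u00a0type hints.\n")

if __name__ == "__main__":
    raise SystemExit(exit_code(scan_text(SAMPLE)))  # 1 here: a critical finding is present
```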

Product positioning

This is the first pillar of apm audit. Future modes include --ci (lock consistency) and --drift (on-disk divergence), as documented in the governance guide.
