Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.q-uestionable.ai/llms.txt

Use this file to discover all available pages before exploring further.

CXP supports poisoning instruction files for 6 coding assistants. Each assistant reads a specific file from the repository to customize code generation behavior.

.cursorrules

Assistant: Cursor Format ID: cursorrules File Location: .cursorrules (repository root) Syntax: Plain text The .cursorrules file contains rules that Cursor reads to customize code generation.

CLAUDE.md

Assistant: Claude Code Format ID: claude-md File Location: CLAUDE.md (repository root) Syntax: Markdown CLAUDE.md is Claude Code’s project context file, read at session start to understand project conventions.

.github/copilot-instructions.md

Assistant: GitHub Copilot Format ID: copilot-instructions File Location: .github/copilot-instructions.md Syntax: Markdown GitHub Copilot reads organization-level instructions from this file. These instructions influence code suggestions in any IDE where Copilot is enabled.

AGENTS.md

Assistant: Multi-assistant (cross-assistant standard) Format ID: agents-md File Location: AGENTS.md (repository root) Syntax: Markdown AGENTS.md is a cross-assistant convention for project-level agent instructions. Multiple coding assistants may read this file.

GEMINI.md

Assistant: Gemini Code Assist Format ID: gemini-md File Location: GEMINI.md (repository root) Syntax: Markdown GEMINI.md provides instructions specifically for Gemini Code Assist.

.windsurfrules

Assistant: Windsurf IDE Format ID: windsurfrules File Location: .windsurfrules (repository root) Syntax: Plain text .windsurfrules contains behavioral rules for the Windsurf IDE coding assistant.

Format Comparison

AssistantFormat IDFileSyntax
Cursorcursorrules.cursorrulesPlain text
Claude Codeclaude-mdCLAUDE.mdMarkdown
GitHub Copilotcopilot-instructions.github/copilot-instructions.mdMarkdown
Multi-assistantagents-mdAGENTS.mdMarkdown
Gemini Code Assistgemini-mdGEMINI.mdMarkdown
Windsurfwindsurfrules.windsurfrulesPlain text

Generating Poisoned Files

Generate poisoned files for any format using the format ID: 
qai cxp generate --format cursorrules --rule hardcoded-secrets --output-dir ./test-repo
qai cxp generate --format copilot-instructions --rule shell-true --output-dir ./test-repo

Multi-Format Testing

Test a single poisoned rule across all assistants: 
for fmt in cursorrules claude-md copilot-instructions agents-md gemini-md windsurfrules; do
  qai cxp generate --format $fmt --rule exfil --output-dir ./repo-$fmt
done
Each repo contains the same malicious rule in different format conventions. Test each with the corresponding assistant to compare vulnerability rates across tools.