Claude Code Finding 2: MCP Blanket Trust Escalation via enableAllProjectMcpServers
How the 'Use this and all future MCP servers' option grants permanent, unbounded trust to arbitrary MCP server definitions added after the initial consent.
Supply-Chain
Claude Code Finding 1: Silent Command Execution via .mcp.json Trust Model
How a one-time trust decision in Claude Code enables silent arbitrary command execution when .mcp.json is modified after initial approval.