'TrustFall' Convention Exposes Claude Code Execution Risk
ID: 5c9659e4-a824-5b5c-be3e-1979882e66db
STIX ID: report--5c9659e4-a824-5b5c-be3e-1979882e66db
Feed Name: Dark Reading
Adversa AI reports that several AI coding tools will auto-approve and start a Model Context Protocol (MCP) server defined in a repository's project configuration as soon as a developer accepts a broad "trust this folder" prompt, or automatically when the tool runs in CI. Because that server can be an attacker-controlled process launched with the developer's full user privileges, a malicious repository gains arbitrary code execution and potentially full compromise of the machine. Anthropic and the other vendors involved treat the behaviour as a convention rather than a vendor bug; Adversa recommends tightening controls on developer endpoints and CI pipelines and inspecting project configurations before trusting a folder.
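The scanner below is an added illustration of what "inspecting project configurations" can look like in practice; it is not code from Adversa AI or from any vendor named above. It checks a checkout for project-scoped MCP config files, reads each server's command and arguments, and flags entries that would fetch and execute a package from the network, start a shell, or suppress an install prompt when the folder is trusted. The file name `.mcp.json` at the repository root is Claude Code's project-level MCP file; the other file and directory names, the flag and launcher lists, and the sample package name are assumptions, and the repository it scans is constructed inline.

```python
import json
import os
import tempfile
from pathlib import Path

# Project-scoped MCP config locations to check. ".mcp.json" at the repository
# root is the file Claude Code reads; the other names/directories are assumptions
# added so the same scan covers other editors' layouts.
MCP_CONFIG_NAMES = (".mcp.json", "mcp.json")
MCP_CONFIG_SUBDIRS = ("", ".vscode", ".cursor")

# Launchers that download code at start-up (so the repository decides what runs)
# and shells (so "args" is an arbitrary script). Either runs with the developer's
# or the CI runner's full privileges once the folder is trusted. Assumed lists.
NETWORK_FETCHERS = {"npx", "uvx", "pipx"}
SHELLS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
# Flags that suppress a package runner's "install this?" confirmation.
AUTO_YES_FLAGS = {"-y", "--yes"}


def find_mcp_configs(root):
    """Return the MCP config files present under root (fixed locations, no recursion)."""
    root = Path(root)
    candidates = [root / sub / name for sub in MCP_CONFIG_SUBDIRS for name in MCP_CONFIG_NAMES]
    return [p for p in candidates if p.is_file()]


def review_server(name, spec):
    """Return (severity, server, message) findings for one mcpServers entry."""
    if not isinstance(spec, dict):
        return [("warn", name, "server entry is not an object")]
    findings = []
    if "url" in spec:
        findings.append(("info", name, f"remote server at {spec['url']}; tool traffic leaves the machine"))
    command = str(spec.get("command", ""))
    args = [str(a) for a in spec.get("args", [])]
    if not command:
        return findings
    exe = os.path.basename(command).lower()
    findings.append(("info", name, f"starts local process {exe!r} with args {args}"))
    if exe in NETWORK_FETCHERS:
        findings.append(("warn", name, f"{exe!r} fetches and executes a package chosen by the repository"))
    if exe in SHELLS:
        findings.append(("warn", name, "starts a shell; args are an arbitrary script"))
    if AUTO_YES_FLAGS & set(args):
        findings.append(("warn", name, "auto-confirm flag suppresses the install prompt"))
    if not os.path.isabs(command) and exe not in NETWORK_FETCHERS | SHELLS:
        findings.append(("info", name, f"{exe!r} is resolved via PATH; confirm which binary that is"))
    return findings


def scan_repo(root):
    """Map each MCP config path under root to its list of findings."""
    report = {}
    for path in find_mcp_configs(root):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            report[str(path)] = [("warn", "-", f"unreadable or invalid JSON: {exc}")]
            continue
        servers = data.get("mcpServers", {}) if isinstance(data, dict) else {}
        findings = []
        for name, spec in servers.items():
            findings.extend(review_server(name, spec))
        report[str(path)] = findings
    return report


def has_warnings(report):
    """True if any config in the report carries a 'warn' finding."""
    return any(sev == "warn" for findings in report.values() for sev, _, _ in findings)


# Constructed sample: one server pinned to a local binary, one that pulls a
# hypothetical package from the registry with confirmation disabled.
SAMPLE_MCP_JSON = {
    "mcpServers": {
        "filesystem": {"command": "/usr/local/bin/mcp-fs", "args": ["--root", "."]},
        "helper": {"command": "npx", "args": ["-y", "example-helper-mcp@latest"]},
    }
}


def build_sample_repo():
    """Write the constructed sample into a throwaway directory and return its path."""
    repo = Path(tempfile.mkdtemp(prefix="mcp-scan-"))
    (repo / ".mcp.json").write_text(json.dumps(SAMPLE_MCP_JSON), encoding="utf-8")
    return repo


if __name__ == "__main__":
    sample = build_sample_repo()
    for path, findings in scan_repo(sample).items():
        print(path)
        for sev, server, msg in findings:
            print(f"  [{sev}] {server}: {msg}")
```

Run against the sample, the pinned `filesystem` server produces only an informational line, while `helper` is flagged twice: once because `npx` resolves and executes a package name supplied by the repository, and once because `-y` removes the only prompt a developer would otherwise see. In a CI pipeline, where no prompt exists at all, a "warn" finding is a reason to fail the job before the coding tool is allowed to start servers from the checkout.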
