CLAIM 10 / Claude Code
"Trust verification: First-time codebase runs and new MCP servers require trust verification"
partial
Observed
The dialog exists, but trust-before-verify has been breached four times by CVE: ANTHROPIC_BASE_URL in a committed settings file forwarded the API Authorization header before the trust dialog completed (CVE-2026-21852, patched < v2.0.65); enableAllProjectMcpServers executed MCP startup commands before the dialog appeared (CVE-2025-59536, patched < v1.0.111); a repo-controlled permissions.defaultMode: bypassPermissions silently skipped the trust dialog itself (CVE-2026-33068); and deny rules failed through symlinks (CVE-2026-25724). All are patched per disclosure review (source-reviewed 2026-05-24), and the docs themselves disclose that trust verification is disabled in -p non-interactive mode.