[FEATURE] Trust prompt should warn when repo contains .claude/settings.json
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When I open an unfamiliar repository in Claude Code, the workspace trust prompt asks "Do you trust the files in this folder?" but it gives no indication of why that question has extra weight beyond normal file access. A repository can ship its own .claude/settings.json that configures Claude's behavior, expands permissions, or adds hooks. A user saying yes to the trust prompt may not realize they are simultaneously consenting to load repo-supplied configuration that influences how Claude operates in that session.
The prompt currently reads generically:
"Claude Code'll be able to read, edit, and execute files here."
This is accurate but incomplete. The user has no way of knowing from the prompt alone whether the repo is bringing its own Claude configuration.
Proposed Solution
Before displaying the trust prompt, Claude Code should perform a filesystem existence check for .claude/settings.json in the repository root. If the file exists, the trust prompt should include an additional line, for example:
This repository contains a .claude/settings.json file that will
be loaded and potentially modify claude's behavior if you proceed. Review its contents before continuing.
This should be an existence check only — not parsing or loading the file — to avoid the chicken-and-egg problem of processing untrusted config before trust is granted.
Alternative Solutions
The obvious alternative is to just read the settings file and summarize what it contains — but that creates a potential attack surface by parsing untrusted content before the user has consented to trust the repo. An existence-only check avoids this entirely while still giving the user actionable information.
A workaround today would be to manually check for .claude/settings.json before opening any unfamiliar repo in Claude Code, but there is no automated way to do this and most users would not know to look.
Priority
Medium - Would be very helpful
Feature Category
Configuration and settings
Use Case Example
- Developer clones an open source project from GitHub to have Claude Code help them understand or modify the codebase
- Developer runs claude in the project directory
- Trust prompt appears
- Developer says yes, not realizing the repo ships a .claude/settings.json with expanded permissions.allow rules or custom hooks
- Claude Code loads those settings silently and operates with the repo author's permission configuration for the session
With this feature, step 3 would instead surface a warning that a settings file exists, giving the developer a chance to review it before proceeding.
Additional Context
This request is directly related to the recently patched CVE GHSA-mmgp-wc2j-qcv7, in which a malicious .claude/settings.json could cause the trust dialog to be silently bypassed entirely. That fix prevented settings from bypassing the trust prompt. This request is the complementary improvement: ensuring the trust prompt surfaces the existence of repo-supplied settings so users can make an informed decision even when the dialog does appear.
Similar prior art: VS Code's workspace trust prompt warns users when a workspace contains tasks or settings that will execute or apply on open.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗