diff --git a/base-action/src/index.ts b/base-action/src/index.ts
index 970e79d..66ac615 100644
--- a/base-action/src/index.ts
+++ b/base-action/src/index.ts
@@ -13,7 +13,7 @@ async function run() {
 
     await setupClaudeCodeSettings(
       process.env.INPUT_SETTINGS,
-      undefined, // homeDir
+      false, // mcpJsonChanged — standalone base-action has no PR context to check
     );
 
     // Install Claude Code plugins if specified
diff --git a/base-action/src/setup-claude-code-settings.ts b/base-action/src/setup-claude-code-settings.ts
index a5109ae..cdcaa79 100644
--- a/base-action/src/setup-claude-code-settings.ts
+++ b/base-action/src/setup-claude-code-settings.ts
@@ -66,8 +66,11 @@ export async function setupClaudeCodeSettings(
     settings.enableAllProjectMcpServers = true;
     console.log(`Updated settings with enableAllProjectMcpServers: true`);
   } else {
+    // .mcp.json is untrusted in this PR — strip any enableAllProjectMcpServers
+    // that came from user input so the protection cannot be bypassed.
+    delete settings.enableAllProjectMcpServers;
     console.log(
-      `Skipping enableAllProjectMcpServers=true because .mcp.json changed in this PR`,
+      `Removing enableAllProjectMcpServers because .mcp.json changed in this PR`,
     );
   }
 
diff --git a/base-action/test/setup-claude-code-settings.test.ts b/base-action/test/setup-claude-code-settings.test.ts
index 1438931..eb4c539 100644
--- a/base-action/test/setup-claude-code-settings.test.ts
+++ b/base-action/test/setup-claude-code-settings.test.ts
@@ -108,7 +108,7 @@ describe("setupClaudeCodeSettings", () => {
     expect(settings.model).toBe("test-model");
   });
 
-  test("should not override enableAllProjectMcpServers when mcpJsonChanged is true and input sets it false", async () => {
+  test("should remove enableAllProjectMcpServers when mcpJsonChanged is true and input sets it false", async () => {
     const inputSettings = JSON.stringify({
       enableAllProjectMcpServers: false,
       model: "test-model",
@@ -119,7 +119,22 @@ describe("setupClaudeCodeSettings", () => {
     const settingsContent = await readFile(settingsPath, "utf-8");
     const settings = JSON.parse(settingsContent);
 
-    expect(settings.enableAllProjectMcpServers).toBe(false);
+    expect(settings.enableAllProjectMcpServers).toBeUndefined();
+    expect(settings.model).toBe("test-model");
+  });
+
+  test("should remove enableAllProjectMcpServers when mcpJsonChanged is true even if input sets it true", async () => {
+    const inputSettings = JSON.stringify({
+      enableAllProjectMcpServers: true,
+      model: "test-model",
+    });
+
+    await setupClaudeCodeSettings(inputSettings, true, testHomeDir);
+
+    const settingsContent = await readFile(settingsPath, "utf-8");
+    const settings = JSON.parse(settingsContent);
+
+    expect(settings.enableAllProjectMcpServers).toBeUndefined();
     expect(settings.model).toBe("test-model");
   });