Why it matters
Adversa AI describes DeepJack, a Cursor deeplink weakness in which a crafted cursor:// link can register an attacker-controlled MCP server and hide the command that will execute behind an incomplete installation prompt.
My takeaway: Treat MCP installation links and approval dialogs as code-execution boundaries: show the complete command and configuration, verify the server source, sandbox execution, and require explicit review before enabling it.