diff --git a/src/extensions/mod.rs b/src/extensions/mod.rs
index 58fb2734..8aeb1c04 100644
--- a/src/extensions/mod.rs
+++ b/src/extensions/mod.rs
@@ -29,6 +29,7 @@ pub(crate) struct PreParsedGlobals {
     pub read_only: bool,
     pub org: Option<String>,
     pub jq: Option<String>,
+    pub trust_site: bool,
 }
 
 /// Parse the CLI arguments in a single left-to-right pass.
@@ -41,6 +42,7 @@ pub(crate) fn parse_extension_args(args: &[String]) -> ParsedArgs {
         read_only: false,
         org: None,
         jq: None,
+        trust_site: false,
     };
     let mut candidate: Option<String> = None;
     let mut ext_args: Vec<String> = Vec::new();
@@ -74,6 +76,7 @@ pub(crate) fn parse_extension_args(args: &[String]) -> ParsedArgs {
             "--yes" | "-y" => globals.yes = true,
             "--agent" => globals.agent = true,
             "--read-only" => globals.read_only = true,
+            "--trust-site" => globals.trust_site = true,
             // Equals-syntax value flags: --output=table, --org=prod
             s if s.starts_with("--output=") => {
                 globals.output = Some(s["--output=".len()..].to_string());
@@ -218,6 +221,21 @@ mod tests {
         assert!(parsed.globals.read_only);
     }
 
+    #[test]
+    fn test_parse_trust_site_flag() {
+        let parsed = parse_extension_args(&args("pup --trust-site terraform plan"));
+        assert_eq!(parsed.candidate.as_deref(), Some("terraform"));
+        assert_eq!(parsed.ext_args, vec!["plan"]);
+        assert!(parsed.globals.trust_site);
+    }
+
+    #[test]
+    fn test_parse_trust_site_defaults_false() {
+        let parsed = parse_extension_args(&args("pup terraform plan"));
+        assert_eq!(parsed.candidate.as_deref(), Some("terraform"));
+        assert!(!parsed.globals.trust_site);
+    }
+
     #[test]
     fn test_parse_short_yes() {
         let parsed = parse_extension_args(&args("pup -y terraform"));
diff --git a/src/main.rs b/src/main.rs
index cba56b20..306bc0f1 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -11112,6 +11112,16 @@ async fn main_inner() -> anyhow::Result<()> {
                 if let Some(ext_path) = extensions::extension_path(candidate) {
                     let mut cfg = config::Config::from_env()?;
                     parsed.globals.apply_to(&mut cfg)?;
+                    #[cfg(not(feature = "browser"))]
+                    {
+                        let interactive = std::io::stdin().is_terminal() && !cfg.agent_mode;
+                        let trusted_sites = config::configured_trusted_sites();
+                        cfg.ensure_site_trusted(
+                            parsed.globals.trust_site,
+                            interactive,
+                            &trusted_sites,
+                        )?;
+                    }
                     let exit_code = extensions::exec_extension(&ext_path, &parsed.ext_args, &cfg)?;
                     std::process::exit(exit_code);
                 }