Shell wrapper command detected

AI security governance · MCP security

Severity

critical

What it is

The server uses a shell wrapper (sh -c, bash -c, cmd /c) which passes arguments through a shell interpreter, enabling injection.

How Igris detects it

Igris's Command Injection Detector flags this during MCP security scans of your configuration.

References

Related MCP security rules

Secure your AI estate with Igris