Technology ❯ Software Engineering ❯ Development Practices ❯ Command Injection
Security teams warn the default launch path can run local commands even when server startup fails, creating broad supply‑chain risk across popular MCP SDKs.