Definition
Destructive shell and filesystem operations modify or delete data (recursive deletes, overwriting files, dangerous redirects) or chain execution (| sh) in ways operators did not intend.
How it appears in MCP
Shell-class tools expose MCP tools/call arguments that carry command strings or paths. Prompt injection or typos can turn a “safe” tool into an outage or data loss vector.
Example pattern
Incident literature is full of destructive automation and shell metacharacter accidents; MCP does not magically contain those classes of bugs—it routes them through a smaller, inspectable surface when proxied.
What MCP Trail does on the Guardian path
Shell safety heuristics, HITL for risky tools, audit/protection logs, and rate limits reduce accidental and malicious execution. Verify exact heuristics and tool classifications in the product.
What still needs process
Filesystem permissions, sandboxing upstream tools, and backup/restore discipline.