point_servercommand isn't a potential security risk, it IS a security risk.
I've only encountered one map in the wild that actually had malicious point_servercommand usage (zm_littlecity_v7 for CS:S) but where there's one, there's going to be more. If the server isn't running a plugin to sanitize point_servercommand so it can't do anything malicious, all maps put on the server should be decompiled to check them before using on the server. Unfortunately Valve has their garbage workshop system which makes getting the actual BSPs more difficult.
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds