lgtm,codescanning
* The query "Uncontrolled command line" (`java/command-line-injection`) has
  been improved to better distinguish between command injection and safe
  command arguments.