Hi Joseph Thank you for your email on l3sys-shell. You wrote: There are two broad questions we have. First, how do people feel about > these concepts? We can see that there may be some security concerns, hence > not adding directly to the expl3 core. However, as one has to be running > with unrestricted shell escape anyway, we are not sure if providing macro > wrappers makes these worse: I'm not a security expert. Are you, Joseph? In any case, I've asked your question on stack exchange, and put a code review comment on github. Here's the URLs - https://security.stackexchange.com/questions/192249/concerns-about-latex-3-shell-escape-code - https://github.com/latex3/latex3/commit/7b62e64dde239f9cb6ae0f08400c0b5ccde815d8#diff-09def3f98d60fce78fbcc00e77c65795R3093 I hope you'll get a useful response from a security expert. best regards Jonathan