Company
Date Published
Author
Alessio Della Libera
Word count
2111
Language
English
Hacker News points
3

Summary

The key points of this text revolve around the concept of argument injection when using Version Control System (VCS) tools like git and mercurial. The main goal of this research is to explore how it is possible to execute arbitrary commands even when using a safe API that prevents command injection. This is achieved by abusing options in these VCS tools, such as aliases and hooks, which allow users to specify custom commands or modify the behavior of existing ones. These vulnerabilities can be mitigated by adding the "--" characters before user-controlled values, which ends option parsing and separates the command's arguments from potentially malicious input. Remediation suggestions include ensuring that user-provided values cannot change the behavior of commands by injecting or manipulating options, and documenting how such values are handled to avoid confusion among users. The research highlights the importance of proper sanitization and secure coding practices when working with VCS tools, even in the presence of safe APIs designed to prevent command injection.
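The distinction the summary draws, an argv-list call that is safe against shell injection yet still lets a user-controlled value be parsed as a git option, is illustrated below with an added example that is not code from the original post. The function names, the `git log` wrapper and the sample paths are assumptions chosen for illustration; the hardening it shows is the one the summary describes, rejecting option-like values and placing `--` before the user value.

```python
import shlex
import subprocess
from typing import List, Optional

# Added example; helper names and sample values are assumptions, not from the original post.


def looks_like_option(value: str) -> bool:
    """True when git would parse this user-supplied value as an option rather than a pathspec."""
    return value.startswith("-")


def build_log_argv_naive(path: str) -> List[str]:
    # No shell=True and no string concatenation, so classic command injection is impossible.
    # But git still sees the value as a free argument: if it starts with "-" it is parsed as
    # an option (for example a flag that changes configuration), which is argument injection.
    return ["git", "log", "--oneline", path]


def build_log_argv_hardened(path: str) -> List[str]:
    # Defence in depth: refuse option-like values outright, then terminate option parsing
    # with "--" so that whatever follows is always treated as a pathspec by git.
    if looks_like_option(path):
        raise ValueError(f"refusing option-like path {path!r}")
    return ["git", "log", "--oneline", "--", path]


def file_history(path: str, dry_run: bool = False) -> Optional[str]:
    """Return the one-line history of a file. With dry_run, return the command that would run."""
    argv = build_log_argv_hardened(path)
    if dry_run:
        # shlex.join renders the argv exactly as a shell would need it, useful for audit logs.
        return shlex.join(argv)
    completed = subprocess.run(argv, capture_output=True, text=True, check=True)
    return completed.stdout


if __name__ == "__main__":
    # Constructed inputs: a normal path and an option-looking value.
    for candidate in ("README.md", "--help"):
        print("naive   :", shlex.join(build_log_argv_naive(candidate)))
        try:
            print("hardened:", file_history(candidate, dry_run=True))
        except ValueError as exc:
            print("hardened: rejected ->", exc)
```

The dry-run path makes the point without needing a git checkout: the naive builder forwards `--help` as a live option, while the hardened builder both refuses it and, for accepted values, emits `git log --oneline -- README.md`. In real code, keep the `--` even when the allow-list check is present, because the check protects only the values you thought of and the separator protects the rest.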