The Python documentation makes it clear that having shell=True in your call to subprocess.check_output (and other functions) is a potential security risk. If you're getting input from an unknown or ...