Clarify security risk in USE_SHELL doc and warnings

git/cmd.py

@@ -314,10 +314,10 @@ def dict_to_slots_and__excluded_are_none(self: object, d: Mapping[str, Any], exc
 )
 
 _USE_SHELL_DANGER_MESSAGE = (
-    "Setting Git.USE_SHELL to True is unsafe and insecure, and should be avoided, "
-    "because the effect of shell metacharacters and shell expansions cannot usually be "
-    "accounted for. In addition, Git.USE_SHELL is deprecated and will be removed in a "
-    "future release."
+    "Setting Git.USE_SHELL to True is unsafe and insecure, as the effect of special "
+    "shell syntax cannot usually be accounted for. This can result in a command "
+    "injection vulnerability and arbitrary code execution. Git.USE_SHELL is deprecated "
+    "and will be removed in a future release."
 )
 
 
@@ -413,6 +413,13 @@ def __setstate__(self, d: Dict[str, Any]) -> None:
     considered and accounted for, which is not possible under most circumstances. As
     detailed below, it is also no longer needed, even where it had been in the past.
 
+    It is in many if not most cases a command injection vulnerability for an application
+    to set :attr:`USE_SHELL` to ``True``. Any attacker who can cause a specially crafted
+    fragment of text to make its way into any part of any argument to any git command
+    (including paths, branch names, etc.) can cause the shell to read and write
+    arbitrary files and execute arbitrary commands. Innocent input may also accidentally
+    contain special shell syntax, leading to inadvertent malfunctions.
+
     In addition, how a value of ``True`` interacts with some aspects of GitPython's
     operation is not precisely specified and may change without warning, even before
     GitPython 4.0.0 when :attr:`USE_SHELL` may be removed. This includes: