Apply suggestions from code review

Co-authored-by: Dan D'Avella <[email protected]>

src/codemodder/scripts/generate_docs.py

@@ -179,8 +179,8 @@ class DocMetadata:
         guidance_explained="Since literals and new objects have their own identities, comparisons against them using `is` operators are most likely a bug and thus we deem the change safe.",
     ),
     "subprocess-shell-false": DocMetadata(
-        importance="Medium",
-        guidance_explained="There are valid use cases for `shell=True` such as executing a validated string command or using shell functionality like globs or wildcard.",
+        importance="High",
+        guidance_explained="In most cases setting `shell=False` is correct and leads to much safer code. However there are valid use cases for `shell=True` when using shell functionality like pipes or wildcard is required. In such cases it is important to run only trusted, validated commands.",
     ),
 }
 

src/core_codemods/docs/pixee_python_subprocess-shell-false.md

@@ -1,6 +1,6 @@
 This codemod sets the `shell` keyword argument to `False` in `subprocess` module function calls that have set it to `True`.
 
-Setting `shell=True` will execute the provided command through the system shell which can lead to shell injection vulnerabilities.
+Setting `shell=True` will execute the provided command through the system shell which can lead to shell injection vulnerabilities. In the worst case this can give an attacker the ability to run arbitrary commands on your system. In most cases using `shell=False` is sufficient and leads to much safer code.
 
 The changes from this codemod look like this: