Add note about untrusted data (#12885)

* Add note about untrusted data

* Copy missed alert

Author: sdwheeler

reference/5.1/Microsoft.PowerShell.Core/About/about_Operators.md

@@ -1,7 +1,7 @@
 ---
 description: Describes the operators that are supported by PowerShell.
 Locale: en-US
-ms.date: 01/18/2026
+ms.date: 03/24/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_operators?view=powershell-5.1&WT.mc_id=ps-gethelp
 schema: 2.0.0
 title: about_Operators
@@ -301,7 +301,7 @@ At line:1 char:2
     + FullyQualifiedErrorId : CommandNotFoundException
 ```
 
-The [Invoke-Expression][26] cmdlet can execute code that causes parsing errors
+The [Invoke-Expression][27] cmdlet can execute code that causes parsing errors
 when using the call operator.
 
 ```powershell
@@ -343,6 +343,11 @@ Hello World!
 
 For more about scriptblocks, see [about_Script_Blocks][21].
 
+> [!IMPORTANT]
+> Using this operator with untrusted data is a security risk. Only use trusted
+> data with this operator. For more information, see
+> [Validate All Inputs][26].
+
 ### Cast operator `[ ]`
 
 Converts or limits objects to the specified type. If the objects can't be
@@ -644,4 +649,5 @@ properties and methods of an object, use the Static parameter of the
 [22]: about_Split.md
 [23]: about_Type_Operators.md
 [24]: about_Variables.md
-[26]: xref:Microsoft.PowerShell.Utility.Invoke-Expression
+[26]: https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/
+[27]: xref:Microsoft.PowerShell.Utility.Invoke-Expression

reference/5.1/Microsoft.PowerShell.Core/Invoke-Command.md

@@ -2,7 +2,7 @@
 external help file: System.Management.Automation.dll-Help.xml
 Locale: en-US
 Module Name: Microsoft.PowerShell.Core
-ms.date: 01/18/2026
+ms.date: 03/24/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/invoke-command?view=powershell-5.1&WT.mc_id=ps-gethelp
 schema: 2.0.0
 aliases:
@@ -706,6 +706,11 @@ passed by position from the array value supplied to **ArgumentList**. This is kn
 splatting. For more information about the behavior of **ArgumentList**, see
 [about_Splatting](about/about_Splatting.md#splatting-with-arrays).
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.Object[]
 Parameter Sets: (All)
@@ -1002,6 +1007,11 @@ the values of parameters in the script.
 When you use this parameter, PowerShell converts the contents of the specified script file to a
 scriptblock, transmits the scriptblock to the remote computer, and runs it on the remote computer.
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.String
 Parameter Sets: FilePathRunspace, FilePathComputerName, FilePathUri, FilePathVMId, FilePathVMName, FilePathContainerId

reference/5.1/Microsoft.PowerShell.Management/Invoke-Item.md

@@ -2,7 +2,7 @@
 external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml
 Locale: en-US
 Module Name: Microsoft.PowerShell.Management
-ms.date: 12/12/2022
+ms.date: 03/11/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.management/invoke-item?view=powershell-5.1&WT.mc_id=ps-gethelp
 schema: 2.0.0
 aliases:
@@ -151,6 +151,11 @@ as escape sequences.
 
 For more information, see [about_Quoting_Rules](../Microsoft.Powershell.Core/About/about_Quoting_Rules.md).
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.String[]
 Parameter Sets: LiteralPath
@@ -166,7 +171,11 @@ Accept wildcard characters: False
 ### -Path
 
 Specifies the path to the selected item.
-Wildcard characters are permitted.
+
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
 ```yaml
 Type: System.String[]
@@ -236,7 +245,7 @@ Accept wildcard characters: False
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
 -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose,
 -WarningAction, and -WarningVariable. For more information, see
-[about_CommonParameters](../Microsoft.PowerShell.Core/About/about_CommonParameters.md).
+[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 

reference/5.1/Microsoft.PowerShell.Management/Show-EventLog.md

@@ -24,12 +24,8 @@ Show-EventLog [[-ComputerName] <String>] [<CommonParameters>]
 The `Show-EventLog` cmdlet opens Event Viewer on the local computer and displays in it all of the
 classic event logs on the local computer or a remote computer.
 
-To open Event Viewer on Windows Vista and later versions of the Windows operating system, the
-current user must be a member of the Administrators group on the local computer.
-
-The cmdlets that contain the **EventLog** noun (the **EventLog** cmdlets) work only on classic event
-logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later
-versions of the Windows operating system, use the `Get-WinEvent` cmdlet.
+The cmdlets that contain the **EventLog** noun work only on classic event logs. To get events from
+logs that use the Windows Event Log technology, use the `Get-WinEvent` cmdlet.
 
 ## EXAMPLES
 
@@ -54,12 +50,13 @@ This command opens Event Viewer and displays in it the classic event logs on the
 ### -ComputerName
 
 Specifies a remote computer. `Show-EventLog` displays the event logs from the specified computer in
-Event Viewer on the local computer. The default is the local computer.
-
-Type the NetBIOS name, an IP address, or a fully qualified domain name of a remote computer.
+Event Viewer on the local computer. The default is the local computer. When you use this parameter,
+the command runs `eventvwr.exe` and passes the value of this parameter.
 
-This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName**
-parameter even if your computer is not configured to run remote commands.
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
 ```yaml
 Type: System.String
@@ -77,26 +74,27 @@ Accept wildcard characters: False
 
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
 -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose,
--WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+-WarningAction, and -WarningVariable. For more information, see
+[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
 
-You cannot pipe input to this cmdlet.
+You can't pipe input to this cmdlet.
 
 ## OUTPUTS
 
 ### None
 
-This cmdlet does not generate any output.
+This cmdlet doesn't generate any output.
 
 ## NOTES
 
 - The Windows PowerShell command prompt returns as soon as Event Viewer opens. You can work in the
   current session while Event Viewer is open.
 
-  Because this cmdlet requires a user interface, it does not work on Server Core installations of
+  Because this cmdlet requires a user interface, it doesn't work on Server Core installations of
   Windows Server.
 
 ## RELATED LINKS

reference/5.1/Microsoft.PowerShell.Management/Start-Process.md

@@ -2,7 +2,7 @@
 external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml
 Locale: en-US
 Module Name: Microsoft.PowerShell.Management
-ms.date: 11/01/2023
+ms.date: 03/11/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.management/start-process?view=powershell-5.1&WT.mc_id=ps-gethelp
 schema: 2.0.0
 aliases:
@@ -203,6 +203,11 @@ program on the computer. This parameter is required.
 
 If you specify only a filename, use the **WorkingDirectory** parameter to specify the path.
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.String
 Parameter Sets: (All)
@@ -418,6 +423,11 @@ Specifies the location that the new process should start in. The default is the
 executable file or document being started. Wildcards aren't supported. The path must not contain
 characters that would be interpreted as wildcards.
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.String
 Parameter Sets: (All)

reference/7.4/Microsoft.PowerShell.Core/About/about_Operators.md

@@ -1,7 +1,7 @@
 ---
 description: Describes the operators that are supported by PowerShell.
 Locale: en-US
-ms.date: 01/18/2026
+ms.date: 03/24/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_operators?view=powershell-7.4&WT.mc_id=ps-gethelp
 schema: 2.0.0
 title: about_Operators
@@ -273,7 +273,7 @@ the name, or if a path was included, verify that the path is correct and
 try again.
 ```
 
-The [Invoke-Expression][26] cmdlet can execute code that causes parsing errors
+The [Invoke-Expression][27] cmdlet can execute code that causes parsing errors
 when using the call operator.
 
 ```powershell
@@ -311,6 +311,11 @@ Hello World!
 
 For more about scriptblocks, see [about_Script_Blocks][21].
 
+> [!IMPORTANT]
+> Using this operator with untrusted data is a security risk. Only use trusted
+> data with this operator. For more information, see
+> [Validate All Inputs][26].
+
 ### Background operator `&`
 
 Runs the pipeline before it in the background, in a PowerShell job. This
@@ -897,4 +902,5 @@ ${a}?[0]
 [23]: about_Type_Operators.md
 [24]: about_Variables.md
 [25]: about_Variables.md#variable-names-that-include-special-characters
-[26]: xref:Microsoft.PowerShell.Utility.Invoke-Expression
+[26]: https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/
+[27]: xref:Microsoft.PowerShell.Utility.Invoke-Expression

reference/7.4/Microsoft.PowerShell.Core/Invoke-Command.md

@@ -2,7 +2,7 @@
 external help file: System.Management.Automation.dll-Help.xml
 Locale: en-US
 Module Name: Microsoft.PowerShell.Core
-ms.date: 01/18/2026
+ms.date: 03/24/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.core/invoke-command?view=powershell-7.4&WT.mc_id=ps-gethelp
 schema: 2.0.0
 aliases:
@@ -811,6 +811,11 @@ passed by position from the array value supplied to **ArgumentList**. This is kn
 splatting. For more information about the behavior of **ArgumentList**, see
 [about_Splatting](about/about_Splatting.md#splatting-with-arrays).
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.Object[]
 Parameter Sets: (All)
@@ -1130,6 +1135,11 @@ the values of parameters in the script.
 When you use this parameter, PowerShell converts the contents of the specified script file to a
 scriptblock, transmits the scriptblock to the remote computer, and runs it on the remote computer.
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.String
 Parameter Sets: FilePathRunspace, FilePathComputerName, FilePathUri, FilePathVMId, FilePathVMName, FilePathContainerId, FilePathSSHHost, FilePathSSHHostHash
@@ -1403,7 +1413,7 @@ remote computer.
 
 > [!NOTE]
 > Parameters for the scriptblock can only be passed in from **ArgumentList** by position. Switch
-> parameters cannot be passed by position. If you need a parameter that behaves like a
+> parameters can't be passed by position. If you need a parameter that behaves like a
 > **SwitchParameter** type, use a **Boolean** type instead.
 
 ```yaml

reference/7.4/Microsoft.PowerShell.Management/Invoke-Item.md

@@ -2,7 +2,7 @@
 external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml
 Locale: en-US
 Module Name: Microsoft.PowerShell.Management
-ms.date: 12/12/2022
+ms.date: 03/11/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.management/invoke-item?view=powershell-7.4&WT.mc_id=ps-gethelp
 schema: 2.0.0
 aliases:
@@ -144,12 +144,18 @@ Accept wildcard characters: True
 
 ### -LiteralPath
 
-Specifies a path to one or more locations. The value of **LiteralPath** is used exactly as it is
+Specifies a path to one or more locations. The value of **LiteralPath** is used exactly as it's
 typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose
 it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters
 as escape sequences.
 
-For more information, see [about_Quoting_Rules](../Microsoft.Powershell.Core/About/about_Quoting_Rules.md).
+For more information, see
+[about_Quoting_Rules](../Microsoft.Powershell.Core/About/about_Quoting_Rules.md).
+
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
 ```yaml
 Type: System.String[]
@@ -165,8 +171,12 @@ Accept wildcard characters: False
 
 ### -Path
 
-Specifies the path to the selected item.
-Wildcard characters are permitted.
+Specifies the path to the selected item. Wildcard characters are permitted.
+
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
 ```yaml
 Type: System.String[]
@@ -218,7 +228,7 @@ Accept wildcard characters: False
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
 -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose,
 -WarningAction, and -WarningVariable. For more information, see
-[about_CommonParameters](../Microsoft.PowerShell.Core/About/about_CommonParameters.md).
+[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 

reference/7.4/Microsoft.PowerShell.Management/Start-Process.md

@@ -2,7 +2,7 @@
 external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml
 Locale: en-US
 Module Name: Microsoft.PowerShell.Management
-ms.date: 11/01/2023
+ms.date: 03/11/2026
 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.management/start-process?view=powershell-7.4&WT.mc_id=ps-gethelp
 schema: 2.0.0
 aliases:
@@ -274,9 +274,14 @@ Specifies the optional path and filename of the program that runs in the process
 an executable file or of a document, such as a `.txt` or `.doc` file, that's associated with a
 program on the computer. This parameter is required.
 
-If you specify only a filename that does not correspond to a system command, use the
+If you specify only a filename that doesn't correspond to a system command, use the
 **WorkingDirectory** parameter to specify the path.
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.String
 Parameter Sets: (All)
@@ -502,12 +507,17 @@ Accept wildcard characters: False
 Specifies the location that the new process should start in.
 
 When not specified, the cmdlet defaults to the fully-qualified location specified in the
-**FilePath** parameter. If the value of the **FilePath** parameter is not fully-qualified, it
+**FilePath** parameter. If the value of the **FilePath** parameter isn't fully-qualified, it
 defaults to the current working directory of the calling process.
 
 Wildcards aren't supported. The path must not contain characters that would be interpreted as
 wildcards.
 
+> [!IMPORTANT]
+> Using this parameter with untrusted data is a security risk. Only use trusted data with this
+> parameter. For more information, see
+> [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
+
 ```yaml
 Type: System.String
 Parameter Sets: (All)