diff --git a/tests/CliTestCase.php b/tests/CliTestCase.php
index 0fc20ef0..a0fece16 100644
--- a/tests/CliTestCase.php
+++ b/tests/CliTestCase.php
@@ -32,7 +32,7 @@ class CliTestCase
     }
     public function _invokeCommand($command, $reporter)
     {
-       $xml = shell_exec($command);
+       $xml = shell_exec(escapeshellcmd($command));
         if (! $xml) {
             if (!$this->_quiet) {
                 $reporter->paintFail('Command did not have any output [' . $command . ']');