xp_cmdshell
cannot be used safely. It should not be used.
Certain functions behave in dangerous ways regardless of how they are used. The function xp_cmdshell
launches a Windows command shell to execute the provided command string. The command executes either in the default system or a provided proxy context. However, there is no way to limit a user to prespecified set of privileged operations and any privilege grant opens up the user to execute any command string.
[1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 242
[2] xp_cmdshell