Highlight that configurations are not sanitised ✋

Author: pirelenito

README.md

@@ -126,7 +126,9 @@ module.exports = {
 
 ### `commithashCommand: 'rev-parse HEAD'`
 
-To change the default `git` command used to read the value of `COMMITHASH`:
+To change the default `git` command used to read the value of `COMMITHASH`.
+
+This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
 
 ```javascript
 var GitRevisionPlugin = require('git-revision-webpack-plugin')
@@ -142,7 +144,9 @@ module.exports = {
 
 ### `versionCommand: 'describe --always'`
 
-To change the default `git` command used to read the value of `VERSION`:
+To change the default `git` command used to read the value of `VERSION`.
+
+This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
 
 ```javascript
 var GitRevisionPlugin = require('git-revision-webpack-plugin')
@@ -158,7 +162,9 @@ module.exports = {
 
 ### `branchCommand: 'rev-parse --abbrev-ref HEAD'`
 
-To change the default `git` command used to read the value of `BRANCH`:
+To change the default `git` command used to read the value of `BRANCH`.
+
+This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
 
 ```javascript
 var GitRevisionPlugin = require('git-revision-webpack-plugin')
@@ -174,7 +180,9 @@ module.exports = {
 
 ### `lastCommitDateTimeCommand: 'log -1 --format=%cI'`
 
-To change the default `git` command used to read the value of `LASTCOMMITDATETIME`:
+To change the default `git` command used to read the value of `LASTCOMMITDATETIME`.
+
+This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
 
 ```javascript
 var GitRevisionPlugin = require('git-revision-webpack-plugin')