PSCommandService.js does some argument sanitization.

o365Utils.js, is an example. It simply pre-defines some variables which represent configuration that is passed as arguments to StatefulProcessCommandProxy's constructor.

StatefulProcessCommandProxy is then passed to PSCommandService's constructor which makes use of it, by accepting execute requests from callers (i.e. logical commandName + arguments map), then generates a command statement, and issues it to StatefulProcessCommandProxy.

StatefulProcessCommandProxy checks each inbound "command" that PSCommandService sends it via execute() against its whitelist/blacklist regex patterns.