
This still seems very handwavey to me with respect to the actual vulnerabilities. And the only 'split parsing' going on is external commands parsing arguments passed to them. `test` doesn't parse bash or any other shell. `[` is not special, either; it doesn't have to communicate anything back to the shell invoking it about how to parse the rest of the program, either!

Are you categorically against shell scripting (the invocation of external binaries as commands), then?



