Xp_cmdshell isn’t evil, so get with the program
Many companies are worried that enabling xp_cmdshell is a security hole. In fact, xp_cmdshell is limited to SQL Server administrators by default. In order for a non-admin user to use xp_cmdshell, an administrator must specifically grant permissions to them. In short: xp_cmdshell is not a security hole.