Holds if sink is a command-injection sink with highlight as the corresponding alert location.
Import path
import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuerypredicate isSinkWithHighlight(Node sink, Node highlight)