Fortify scan flagging as bug in command injection even I applied escapeshellarg() and escapeshellcmd()?

PHP:

Fortify scan flagging as bug in command injection even I applied escapeshellarg() and escapeshellcmd()

Also, I tried the proc_open() with escapeshellarg() and escapeshellcmd() - still flagging as bug in command injection

Examples:

$inp = "input.jpg";

$out = "output.jpg";

$command = "convert ".escapeshellarg($inp)." -resize 70x70 ".escapeshellarg($out)."";
shell_exec(escapeshellcmd($command));



Any suggestions to overcome this bug?

Thanks in advance.