Are parameters passed to subprocess safe in any way from code injection?

I am building a small python program to do some movie file tagging. For ease, I am passing the tag info to AtomicParsley (on Windows) using subprocess.call(). The tag information is an online source, retrieved automatically. If some individual were to place code in the tags (i.e. replaced the actors with some sort of rd term), would subprocess be safe from that execution? This is more of a conceptual question than a question about the specifics of the language.

The subprocess.call is executed with [‘AtomicParsley’,filename,’–tag1′,tag1_info,(…)]. Since the first part of the command is guaranteed to be the name of the AP executable and the second is guaranteed to be a valid filename, I should think any malicious code inside the metainfo database would just be written as a string to the appropriate tag (i.e. the Actor’s name would be del C:\Windows). Do those seem like reasonable assumptions?