In cybersecurity contexts, shelling out refers to executing a process using the shell or traditional execution-related APIs as opposed to injection or other esoteric methods of execution.
As many security-focused organizations log process executions, shelling out may be avoided by operators to preserve access and evade detection.