diff --git a/bandit/plugins/injection_shell.py b/bandit/plugins/injection_shell.py
index 5bd9c9654..229368340 100644
--- a/bandit/plugins/injection_shell.py
+++ b/bandit/plugins/injection_shell.py
@@ -683,7 +683,7 @@ def start_process_with_partial_path(context, config):
     ):
         node = context.node.args[0]
         # some calls take an arg list, check the first part
-        if isinstance(node, ast.List):
+        if isinstance(node, ast.List) and node.elts:
             node = node.elts[0]
 
         # make sure the param is a string literal and not a var name
diff --git a/examples/subprocess_shell.py b/examples/subprocess_shell.py
index d8076d534..38944d5fa 100644
--- a/examples/subprocess_shell.py
+++ b/examples/subprocess_shell.py
@@ -25,6 +25,7 @@ def __len__(self):
 
 subprocess.check_output(['/bin/ls', '-l'])
 subprocess.check_output('/bin/ls -l', shell=True)
+subprocess.check_output([], stdout=None)
 subprocess.getoutput('/bin/ls -l')
 subprocess.getstatusoutput('/bin/ls -l')
 
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
index 85db6ab5c..fd96796f8 100644
--- a/tests/functional/test_functional.py
+++ b/tests/functional/test_functional.py
@@ -492,8 +492,8 @@ def test_ssl_insecure_version(self):
 
     def test_subprocess_shell(self):
         """Test for `subprocess.Popen` with `shell=True`."""
         expect = {
-            "SEVERITY": {"UNDEFINED": 0, "LOW": 23, "MEDIUM": 1, "HIGH": 11},
-            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 0, "HIGH": 34},
+            "SEVERITY": {"UNDEFINED": 0, "LOW": 24, "MEDIUM": 1, "HIGH": 11},
+            "CONFIDENCE": {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 0, "HIGH": 35},
         }
         self.check_example("subprocess_shell.py", expect)
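Review bot: With the added `and node.elts`, an empty argument list leaves `node` bound to the `ast.List` itself and silently relies on the string-literal check that follows to reject it; that dependency is implicit and worth stating on the guard, e.g. `# an empty arg list has no executable to inspect; leave node as the List so the literal check below rejects it`. If a later change makes the literal check more permissive, this fall-through would start examining a list node as if it were a path, so an explicit early exit for the empty case would be the more robust shape. start_process_with_partial_path begins and ends outside the hunk, so the exact check it falls through to is inferred from the comment on the following line.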
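Review bot: The new example line carries no comment saying what it exercises, so a future fixture cleanup could drop it as a meaningless call; a marker such as `# regression: empty argv list must not raise in start_process_with_partial_path` would tie it to the plugin fix. The `stdout=None` keyword does not appear to influence the path check and presumably mirrors the call that triggered the original report; if that is the only reason it is there, a plain `subprocess.check_output([])` would make the intent more obvious.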
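Review bot: The bumped aggregate counts only show that one additional LOW-severity, HIGH-confidence finding is emitted for subprocess_shell.py; they do not pin which plugin reports the empty-list call, nor that start_process_with_partial_path itself no longer raises on it. A direct test that hands a `subprocess.check_output([])` call node to start_process_with_partial_path and asserts it returns without an exception would guard the actual fix independently of the fixture totals, which shift whenever any other example line is added. The enclosing test class continues outside the hunk.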