DNS over HTTPS is something I hope to avoid as long as possible or keep under own control, not only for such stuff, but for a working Pi-Hole - But currently it seems to be en vogue to target it.
Dynamic patching of the AMSI without SU/Admin credentials smells of hexapod critter, perhaps should not be allowed dynamically at all.
The command creation via split not resulting in a file to load and keep on HD while executing is ugly - uncertain something similar could be done via only memory based file.