diff --git a/validate_command_access.sh b/validate_command_access.sh
index 93894e1..215d3c4 100644
--- a/validate_command_access.sh
+++ b/validate_command_access.sh
@@ -7,19 +7,18 @@ validate_command() {
 local tokens=("$@")
 local yaml="access.yml"
- # Check if fixedArgsCommands. exists
- local is_fixed
+ # Check for fixed, multi, or arbitrary args commands
+ local is_fixed is_multi is_arbit
 is_fixed="$(yq e ".\"$PERSON\".fixedArgsCommands | has(\"$cmd\")" "$yaml")"
- # Check if multiArgsCommands. exists
- local is_multi
 is_multi="$(yq e ".\"$PERSON\".multiArgsCommands | has(\"$cmd\")" "$yaml")"
+ is_arbit="$(yq e ".\"$PERSON\".arbitArgsCommands[]" "$yaml" | grep -qx "$cmd" && echo true || echo false)"
- if [[ "$is_fixed" != "true" && "$is_multi" != "true" ]]; then
+ if [[ "$is_fixed" != "true" && "$is_multi" != "true" && "$is_arbit" != "true" ]]; then
 echo "ERROR: Command '$cmd' not allowed for $PERSON" >&2
 return 1
 fi
- # Exclude flags from positional args
+ # Exclude flags from positional args for fixed/multi; pass all for arbit
 local args=()
 for tok in "${tokens[@]}"; do
 [[ "$tok" == -* ]] && continue
@@ -80,4 +79,9 @@ validate_command() {
 done
 return 0
 fi
+
+ if [[ "$is_arbit" == "true" ]]; then
+ # Arbitrary arguments allowed, always valid
+ return 0
+ fi
 }
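Review bot: On the added `is_arbit=` line, `grep -qx "$cmd"` treats `$cmd` as a regular expression, so a command name containing pattern metacharacters can match an `arbitArgsCommands` entry it is not literally equal to, and a name beginning with `-` is parsed as a grep option. Because a match here leads to the accept-everything branch added at the end of the function, the comparison should be a fixed-string, whole-line one: `grep -qxF -- "$cmd"`. The same line also splices `$PERSON` into the yq expression text, as the two `has()` lookups beside it already do; if that value can be influenced by a caller, exporting it and reading it with yq's `strenv(PERSON)` would keep it out of the expression. validate_command starts before this hunk and continues past it, so where `$cmd` and `$PERSON` are set is not visible here.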
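Review bot: The function now ends on an `if` with no `else`, and in bash an `if` whose condition is false leaves exit status 0, so any path that reaches this point without `is_arbit` being `true` is reported as valid. Whether such a path is reachable depends on the fixed and multi branches above, which lie outside this hunk, but a validator should fail closed: add `return 1` after the new `fi`. The comment inside the branch would also be worth expanding to something like `# No argument checks for arbitArgsCommands: flags and all other tokens pass unchecked`, so that whoever maintains access.yml knows that only commands that are safe with any option belong in that list.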