symfony

Access to RequestStack bypassing SQRS DTOs?

When we access the command, query, event handler of the RequestStack we bypass the command itself. That is, you can get a bunch of other parameters from the request + the same ones that were passed in the command. What makes the command like a validation DTO, but the developer can take data from the request itself.
So responsibility and boundaries are blurred a little, RequestStack is like a hack to bypass the ATT.
For example, commands can always be empty, we get access to data from the RequestStack and inside the Handler we create a validation DTO and perform other validations.

class ValidateRegistration {
   // Assert/NotBlunk
   // Assert/Type('string')
   // Assert/Length(['min' => 3])
   public string $email;
}

class RegisterUserCommand { // can be filled with data to validate }

class RegisterUserCommandHandler {

public function __construct (RequestStack $requestStack, IValidationService $validator)
// init
$this->lastReuqest = $reqeustStack->getLastRequest();
}

public function __invoke(RegisterUserCommand $command) {

$this->validator->validate(...)
// or
$dto = new ValidateRegistration($this->lastRequest->request->get('email'))
$this->validator->validate($dto);

// $dto for validation could be self-contained with Annotations, so we could validate its params without calling validator
}

Here, at the top, an approach is described that leaves the command empty and the command, as a supplier, validates itself.
Of the shortcomings, it is probably worth noting when the handler handles several commands, each must be validated differently.
And this is only about basic validation, more complex, for example, checking for existence or whether a user can register at all, all such conditions are already met in the team.

Will access and use of the RequestStack violate any principles in the CQRS Handler?
Is it necessary to take all the data from the command, or can it be taken from the request?
All data or part?
If a part, which one?