diff --git a/powershell/ql/lib/semmle/code/powershell/security/Sanitizers.qll b/powershell/ql/lib/semmle/code/powershell/security/Sanitizers.qll
index 29b82e5030a6..10d05a9d515e 100644
--- a/powershell/ql/lib/semmle/code/powershell/security/Sanitizers.qll
+++ b/powershell/ql/lib/semmle/code/powershell/security/Sanitizers.qll
@@ -4,11 +4,11 @@ private import semmle.code.powershell.dataflow.DataFlow
 /**
 * A dataflow node that is guarenteed to have a "simple" type.
 *
- * Simple types include integers, floats, characters, booleans, and `datetime`.
+ * Simple types include integers, floats, characters, booleans, `datetime`, and `guid`.
 */
 class SimpleTypeSanitizer extends DataFlow::Node {
 SimpleTypeSanitizer() {
 this.asParameter().getStaticType() =
- ["int32", "int64", "single", "double", "decimal", "char", "boolean", "datetime"]
+ ["int32", "int64", "single", "double", "decimal", "char", "boolean", "datetime", "guid"]
 }
 }
diff --git a/powershell/ql/test/query-tests/security/cwe-089/test.ps1 b/powershell/ql/test/query-tests/security/cwe-089/test.ps1
index 2c023aa26f36..c2aee3af258e 100644
--- a/powershell/ql/test/query-tests/security/cwe-089/test.ps1
+++ b/powershell/ql/test/query-tests/security/cwe-089/test.ps1
@@ -138,4 +138,13 @@ $QueryConn3 = @{
 Invoke-Sqlcmd @QueryConn3 # GOOD
-&sqlcmd -e -S $userinput -U "Login" -P "MyPassword" -d "MyDBName" -i "input_file.sql" # GOOD
\ No newline at end of file
+&sqlcmd -e -S $userinput -U "Login" -P "MyPassword" -d "MyDBName" -i "input_file.sql" # GOOD
+
+function WithGuid {
+ PARAM([Parameter(Mandatory = $true)] [guid] $r)
+
+ $query = "SELECT * FROM MyTable WHERE MyColumn = '$r'"
+ Invoke-Sqlcmd -ServerInstance "MyServer" -Database "MyDatabase" -q $query # GOOD
+}
+
+WithGuid $userinput
\ No newline at end of file
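Review bot: The new `"guid"` entry in the type list is justified only implicitly — a value coerced to that type stringifies to hexadecimal digits and hyphens, which is what makes interpolating such a parameter into a query acceptable — but neither the QLDoc nor the list records that reasoning, so a later maintainer cannot tell which further types are safe to add and which (anything whose string form can carry quotes or other metacharacters) are not. Consider extending the class comment with `Once a value has been coerced to one of these types its string form cannot carry attacker-controlled characters, so a parameter declared with such a type is treated as sanitized.` and adding `// keep in sync with the QLDoc above` on the list. The match is against lowercase short type names; if `getStaticType()` can also yield a qualified spelling for a parameter declared as `[System.Guid]`, that spelling would not be matched — worth confirming against how the static type is computed, since a missed spelling only produces a false positive here rather than a missed alert. The context line above still reads `guarenteed`; since this doc comment is being edited anyway, correcting it to `guaranteed` is cheap.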
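Review bot: The new `WithGuid` case only checks that the alert is suppressed; nothing in the test says why interpolating `$r` into `$query` is acceptable, and its `# GOOD` marker reads like the others, so a future change to the sanitizer that over-approximates would still pass it. A comment on the `Invoke-Sqlcmd` line such as `# GOOD: [guid] coercion only admits hex digits and hyphens` would record the assumption the sanitizer depends on, and a companion variant of the same function with the parameter typed `[string]` (or untyped) marked `# BAD` would pin that the suppression is tied to the declared type rather than to the function shape. `$userinput` is defined outside this hunk, so its role as the taint source here is taken from the surrounding file. Style: `PARAM` is uppercase where the usual PowerShell spelling — and, I would expect, the rest of this file — is `param`.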