you realise the whole point of segwit is that scriptsig is not part of the transaction right... you know to prevent people from tweaking it for malleability..
To maintain compatibility, p2sh, p2pkh, and p2pk outputs are not change at all. There is nothing that changes how to spend from those outputs. So if you spend from p2pkh and p2pk outputs, you are still vulnerable to transaction malleability attacks (p2sh outputs are different because with segwit there will be p2wpkh and p2wsh outputs nested inside a p2sh outputs and those aren't malleable, but the old type are). The only way to not be able to have your transaction malleated is to use the segwit outputs types as your inputs.