Verify token format

install-scripts/install-endpoint-mac.sh

@@ -103,6 +103,13 @@ main() {
         error "Token is required. Pass it with --token <TOKEN> or enter it when prompted."
     fi
 
+    # Validate token to prevent injection
+    case "$TOKEN" in
+        *[\"\'\;\`\$\ ]*)
+            error "Invalid token format. Token must not contain quotes, semicolons, backticks, dollar signs, or whitespace."
+            ;;
+    esac
+
     # 2. Download and verify checksum
     PKG_FILE=$(mktemp /tmp/SafeChainUltimate.XXXXXX.pkg)
     trap cleanup EXIT

install-scripts/install-endpoint-windows.ps1

@@ -47,6 +47,11 @@ function Install-Endpoint {
         }
     }
 
+    # Validate token to prevent command/property injection via msiexec
+    if ($token -match '[";`$\s]') {
+        Write-Error-Custom "Invalid token format. Token must not contain quotes, semicolons, backticks, dollar signs, or whitespace."
+    }
+
     # 2. Download the .msi
     $msiFile = Join-Path $env:TEMP "SafeChainUltimate-$([System.Guid]::NewGuid().ToString('N')).msi"