diff --git a/action.yaml b/action.yaml
index 86e2c31..8a57925 100644
--- a/action.yaml
+++ b/action.yaml
@@ -183,9 +183,10 @@ runs:
 local input_value="$2"
 local default_value="$3"
- if [ ! -z "$input_value" ] && [ "$input_value" != "$default_value" ]; then
+ if [ -n "$input_value" ] && [ "$input_value" != "$default_value" ]; then
 # If action was provided with explicit input by the caller set that
- echo "export $var_name=$input_value" >> trivy_envs.txt
+ # Use printf %q to safely escape special characters and prevent command injection
+ printf 'export %s=%q\n' "$var_name" "$input_value" >> trivy_envs.txt
 fi
 }