diff --git a/lib/index.js b/lib/index.js
index 4b27e38..2439eec 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -11,6 +11,10 @@ const isGitRemte = (URL, host) => {
 thisURL = `https://www.${thisHost}/${thisURL}`;
 }
 
+ // filtering bad characters to prevent command injection
+ var filter_chars = /[!";|`$()&<>]/g;
+ thisURL = thisURL.replace(filter_chars, '');
+
 try {
 execa.shellSync(`git ls-remote ${thisURL}`);
 return true;
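Review bot: The character denylist added before the `execa.shellSync` call does not make the interpolated `thisURL` safe, because the command is still parsed by a shell and the pattern leaves whitespace, newlines, single quotes, backslashes and a leading `-` untouched, so the value can still be split into extra arguments or read as a git option. I would remove the shell rather than extend the list: `execa.sync('git', ['ls-remote', '--', thisURL]);` passes the URL as a single argument, and the `--` keeps it from being parsed as an option. Silently stripping characters also means the function probes a different URL than the one the caller supplied, so rejecting input that fails a strict URL check would be easier to reason about than rewriting it. If the filter is kept, `var filter_chars` should be a `const` in camelCase to match the rest of the file. The body of `isGitRemte` starts and ends outside this hunk, so how the `try` block handles failures is not visible here.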