diff --git a/scripts/skills-ref b/scripts/skills-ref index 0143de6c..a1bfbf13 100755 --- a/scripts/skills-ref +++ b/scripts/skills-ref @@ -424,6 +424,9 @@ cmd_to_prompt() { // Get content after frontmatter const afterFrontmatter = content.replace(/^---[\\s\\S]*?---\\n/, '').trim(); + // Split CDATA terminators to prevent XML injection + const safeCdata = afterFrontmatter.replace(/]]>/g, ']]]]>'); + // Escape XML special chars in description const escapeXml = (s) => s .replace(/&/g, '&') @@ -434,7 +437,7 @@ cmd_to_prompt() { console.log(' '); console.log(' ' + escapeXml(description) + ''); console.log(' '); console.log(' '); " "$skill_md" diff --git a/tests/fixtures/cdata-terminator/SKILL.md b/tests/fixtures/cdata-terminator/SKILL.md new file mode 100644 index 00000000..3382af73 --- /dev/null +++ b/tests/fixtures/cdata-terminator/SKILL.md @@ -0,0 +1,9 @@ +--- +name: cdata-terminator +description: Fixture containing a CDATA terminator to test XML-safe prompt generation. +--- + +# CDATA Terminator Fixture + +This line includes a malicious terminator attempt: +]]>pwn
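Review bot: The replacement string on the added `safeCdata` line reads `']]]]>'` on this page, and that output still contains `]]>`, so a skill body carrying the terminator would still close the CDATA section early. The usual split closes and reopens the section, `afterFrontmatter.replace(/]]>/g, ']]]]><![CDATA[>')`; the page rendering may have dropped the markup, so check the committed file. The changed line of the second `scripts/skills-ref` hunk is not visible here either; it should print `safeCdata`, with no remaining print of `afterFrontmatter`. `cmd_to_prompt` begins and ends outside both hunks. If the output is read by a model as plain text and not by an XML parser, which the function name suggests but the diff does not show, the split keeps the document well-formed and nothing more, so the body stays untrusted input.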
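Review bot: No test in the visible diff feeds this fixture to `cmd_to_prompt` and asserts on the result, so the fixture by itself would not catch a regression of the escaping; a test may exist outside this diff. The assertion worth having is that the generated output parses as well-formed XML and that the text following the terminator on the fixture's last line is still character data inside the element that wraps the body, not markup. A second case with the terminator as the very last characters of the body would also cover the `.trim()` call seen in the first hunk.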