diff --git a/bin/gstack-slug b/bin/gstack-slug
index 6b853b6d7..24bbca4f1 100755
--- a/bin/gstack-slug
+++ b/bin/gstack-slug
@@ -31,6 +31,14 @@ fi
 # 3. Fallback to basename only when there's truly no git remote configured
 SLUG="${SLUG:-$(basename "$PWD" | tr -cd 'a-zA-Z0-9._-')}"
 
+# 3b. Re-sanitize unconditionally before the value is echoed into `eval`/`source`
+#     output. The compute (2) and fallback (3) paths already filter, but a value
+#     read straight from the cache file (1) does NOT — a poisoned
+#     ~/.gstack/slug-cache/<key> would otherwise inject shell into
+#     `eval "$(gstack-slug)"`. Filtering here honors the [a-zA-Z0-9._-] invariant
+#     promised in the header on every path, and heals a poisoned cache on write (4).
+SLUG=$(printf '%s' "$SLUG" | tr -cd 'a-zA-Z0-9._-')
+
 # 4. Cache the slug for future sessions (atomic write, fail silently)
 if [[ -n "$SLUG" ]]; then
   mkdir -p "$CACHE_DIR" 2>/dev/null || true