diff --git a/.claude/skills/contribute/SKILL.md b/.claude/skills/contribute/SKILL.md index ae81e25..18d5589 100644 --- a/.claude/skills/contribute/SKILL.md +++ b/.claude/skills/contribute/SKILL.md @@ -204,6 +204,8 @@ Contributor: {name} <{email from contributor.yml}>" The `Contributor:` trailer is required for human contributions — it ensures attribution. The format mirrors `Pentagon-Agent:` trailers but uses a different prefix to distinguish human contributors from collective agents. +**Validation:** Before using contributor.yml values in trailers, strip newlines and angle brackets from the `name` field. A name containing newlines could inject fake trailers into the commit message. Validate on read: name must be a single line of printable characters with no `<`, `>`, or newline characters. + ## Step 9: Push and Open PR ```bash
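Review bot: The added **Validation** paragraph covers only the `name` field, but the trailer shown in the hunk context (`Contributor: {name} <{email from contributor.yml}>`) also interpolates the email from contributor.yml, so a newline or `>` in the email value would allow the same fake-trailer injection. Suggest applying the rule to both fields. The paragraph also mixes two behaviours: its first sentence says to strip newlines and angle brackets, while its last says the name must be a single line with none of those characters. State which one the skill should do when a value fails the check, sanitize or reject; rejecting is the safer choice, since stripping silently changes the attribution that the `Contributor:` trailer exists to record.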