diff --git a/internal/step-lib/util/cli-util/sanitizeParam.go b/internal/step-lib/util/cli-util/sanitizeParam.go
new file mode 100644
index 00000000..28fe4d12
--- /dev/null
+++ b/internal/step-lib/util/cli-util/sanitizeParam.go
@@ -0,0 +1,8 @@
+package cli_util
+
+import "fmt"
+
+// SanitizeCliParam is used where we are directly injecting the user defined params to any CLI commands. This prevents any script injection to the running env
+func SanitizeCliParam(param string) string {
+	return fmt.Sprintf("%q", param)
+}
diff --git a/pkg/security/ImageScanService.go b/pkg/security/ImageScanService.go
index 845973a7..3ec0e5d1 100644
--- a/pkg/security/ImageScanService.go
+++ b/pkg/security/ImageScanService.go
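Review bot: `fmt.Sprintf("%q", param)` in SanitizeCliParam yields a Go-syntax double-quoted string, not a shell-quoted one, so the doc comment's claim that it prevents script injection does not hold if the rendered command is run by a POSIX shell: inside double quotes the shell still performs `$`, backtick and backslash processing, and Go escapes such as `\n` or `\xNN` reach the shell as literal backslash sequences, silently altering the value (a password containing a newline is mangled). If the output is meant for a shell, single-quote escaping is the safe form, `return "'" + strings.ReplaceAll(param, "'", "'\\''") + "'"`, with `import "strings"` in place of `"fmt"`; if the command is instead executed directly as an argv slice, no quoting should be applied at all and this function would corrupt the value. The doc comment should state which interpreter the result is intended for and that the returned string includes the surrounding quotes, since callers that template it into an already-quoted position (the call sites in the second hunk alias the package as cliUtil) will get nested quotes. The package name `cli_util` also departs from the Go convention of no underscores in package names; `cliutil` would be the idiomatic spelling.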
@@ -536,14 +536,14 @@ func (impl *ImageScanServiceImpl) RenderInputDataForAStep(inputPayloadTmpl strin
 	}
 	}
 	//entering imageScanRenderData in above json map; TODO: update this to some other logic to handle more fields in future
-	jsonMap[common.AWSSecretAccessKey] = imageScanRenderDto.AWSSecretAccessKey
-	jsonMap[common.AWSAccessKeyId] = imageScanRenderDto.AWSAccessKeyId
-	jsonMap[common.AWSRegion] = imageScanRenderDto.AWSRegion
-	jsonMap[common.Username] = imageScanRenderDto.Username
-	jsonMap[common.Password] = imageScanRenderDto.Password
-	jsonMap[common.GCR_FILE_PATH] = toolExecutionDirectoryPath
-	jsonMap[common.IMAGE_NAME] = imageScanRenderDto.Image
-	jsonMap[common.OUTPUT_FILE_PATH] = imageScanRenderDto.OutputFilePath
+	jsonMap[common.AWSSecretAccessKey] = cliUtil.SanitizeCliParam(imageScanRenderDto.AWSSecretAccessKey)
+	jsonMap[common.AWSAccessKeyId] = cliUtil.SanitizeCliParam(imageScanRenderDto.AWSAccessKeyId)
+	jsonMap[common.AWSRegion] = cliUtil.SanitizeCliParam(imageScanRenderDto.AWSRegion)
+	jsonMap[common.Username] = cliUtil.SanitizeCliParam(imageScanRenderDto.Username)
+	jsonMap[common.Password] = cliUtil.SanitizeCliParam(imageScanRenderDto.Password)
+	jsonMap[common.GCR_FILE_PATH] = cliUtil.SanitizeCliParam(toolExecutionDirectoryPath)
+	jsonMap[common.IMAGE_NAME] = cliUtil.SanitizeCliParam(imageScanRenderDto.Image)
+	jsonMap[common.OUTPUT_FILE_PATH] = cliUtil.SanitizeCliParam(imageScanRenderDto.OutputFilePath)
 	for key, val := range metaDataMap {
 		jsonMap[key] = val