diff --git a/src/main.ts b/src/main.ts
index aab606c..fb5bff6 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -49,6 +49,16 @@ async function run() {
 const region = presence(getInput('region')) || 'us-central1';
 const universe = getInput('universe') || 'googleapis.com';
 
+ // Validate universe to prevent SSRF: an attacker-controlled value is
+ // interpolated into the Cloud Functions endpoint URL, routing credentials
+ // to an arbitrary host. Only googleapis.com and its subdomains are valid.
+ if (!/^([a-z0-9-]+\.)*googleapis\.com$/.test(universe)) {
+ throw new Error(
+ `Invalid universe domain "${universe}": must be "googleapis.com" or a valid ` +
+ `Trusted Partner Cloud subdomain (e.g. "us-central1.rep.googleapis.com").`,
+ );
+ }
+
 // top-level inputs
 const name = getInput('name', { required: true });
 const description = presence(getInput('description'));
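Review bot: The allowlist in the added `if` accepts only `googleapis.com` and its subdomains, but a universe domain normally replaces `googleapis.com` itself, so this check probably rejects every Trusted Partner Cloud universe; the example in the error message, `us-central1.rep.googleapis.com`, looks like a regional endpoint host rather than a universe. If non-default universes must keep working, an explicit project-maintained set of permitted domains would be easier to audit than a suffix pattern, e.g. `if (!ALLOWED_UNIVERSES.has(universe)) {` where `ALLOWED_UNIVERSES` is a constructed name for that set. The regex itself is anchored at both ends and requires a dot before `googleapis.com`, so look-alikes such as `evilgoogleapis.com` or `googleapis.com.example` are rejected; a unit test pinning those cases plus an uppercase value would keep it that way. The check runs only here in `run()`, while the comment says the value is interpolated into the endpoint URL elsewhere, so validating again where the URL is built would cover any other caller; `run()` starts and ends outside the hunk.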