diff --git a/nixos/modules/system/activation/specialisation.nix b/nixos/modules/system/activation/specialisation.nix
index 1bc257248539..7acccbd724d5 100644
--- a/nixos/modules/system/activation/specialisation.nix
+++ b/nixos/modules/system/activation/specialisation.nix
@@ -10,6 +10,8 @@
 let
   inherit (lib)
     concatStringsSep
+    escapeShellArg
+    hasInfix
     mapAttrs
     mapAttrsToList
     mkOption
@@ -84,10 +86,18 @@ in
   };
 
   config = {
+    assertions = mapAttrsToList (name: _: {
+      assertion = !hasInfix "/" name;
+      message = ''
+        Specialisation names must not contain forward slashes.
+        Invalid specialisation name: ${name}
+      '';
+    }) config.specialisation;
+
     system.systemBuilderCommands = ''
       mkdir $out/specialisation
       ${concatStringsSep "\n" (
-        mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${name}") children
+        mapAttrsToList (name: path: "ln -s ${path} $out/specialisation/${escapeShellArg name}") children
       )}
     '';
   };