diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..2590e29
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,6 @@
+# Sentinel's Journal
+
+## 2025-02-12 - Shell Variable Expansion Risks
+**Vulnerability:** Passwords containing spaces were being truncated in the entrypoint script due to unquoted variable expansion (`adduser $username $password`).
+**Learning:** Shell scripts are prone to word splitting issues that can silently corrupt data like passwords.
+**Prevention:** Always quote variables in shell scripts, especially when handling user input or secrets. Use strict linting (shellcheck) where possible.
diff --git a/copyables/entrypoint.sh b/copyables/entrypoint.sh
index 0d224a0..81d68ec 100644
--- a/copyables/entrypoint.sh
+++ b/copyables/entrypoint.sh
@@ -142,11 +142,11 @@ if [ ! -f $CONFIG ] || [ ! -s $CONFIG ]; then
 for i in "${USER[@]}"; do
 IFS=':' read username password <<<"$i"
 # echo "Creating user: ${username}"
- adduser $username $password
+ adduser "$username" "$password"
 done
 done <<<"$USERS"
 else
- adduser $USERNAME $PASSWORD
+ adduser "$USERNAME" "$PASSWORD"
 fi
 echo
diff --git a/tests/verify_password_fix.sh b/tests/verify_password_fix.sh
new file mode 100755
index 0000000..ffcd3a0
--- /dev/null
+++ b/tests/verify_password_fix.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Mock adduser and verify arguments
+adduser() {
+ if [[ "$2" == "secret pass" ]]; then
+ echo "SUCCESS: Password verified correctly: '$2'"
+ else
+ echo "FAILURE: Password mismatch: '$2'"
+ exit 1
+ fi
+}
+
+USERS="alice:secret pass"
+# Extract the logic from entrypoint.sh (simplified)
+while IFS=';' read -ra USER; do
+ for i in "${USER[@]}"; do
+ IFS=':' read username password <<<"$i"
+ adduser "$username" "$password"
+ done
+done <<<"$USERS"
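Review bot: The context line `IFS=':' read username password <<<"$i"` just above the quoted `adduser` call still lacks `-r`, so a password containing a backslash is silently altered before it ever reaches `adduser` — the same class of silent secret corruption this commit fixes for spaces; the fix is `IFS=':' read -r username password <<<"$i"`, and the copied loop in tests/verify_password_fix.sh has the identical omission. Separately, if `adduser` here ends up invoking an external command with `"$password"` as an argument, the secret is visible to every process on the host via the process list for the duration of the call; where the underlying tool supports it, feeding the password on stdin (for example via `chpasswd`) avoids that exposure, though whether `adduser` is a shell function or a binary is not visible in this hunk. The enclosing `if`/`while` block starts outside the hunk, as the `@@` header context shows.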
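Review bot: The mock `adduser` in the new test only inspects `$2`, so a regression that shifts or drops the username argument would still print SUCCESS; add `[[ "$1" == "alice" ]] || { echo "FAILURE: username mismatch: '$1'"; exit 1; }` before the password check. The test also re-implements the parsing loop rather than exercising copyables/entrypoint.sh itself, so the comment `# Extract the logic from entrypoint.sh (simplified)` should state that the two copies must be kept in sync by hand, or the test should source the real script with `adduser` overridden. With no `set -euo pipefail`, a failure inside the loop other than the explicit `exit 1` would not fail the test.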