diff --git a/backend/src/plugins/Tags/util/renderTagBody.ts b/backend/src/plugins/Tags/util/renderTagBody.ts
index d8aef998..a321360d 100644
--- a/backend/src/plugins/Tags/util/renderTagBody.ts
+++ b/backend/src/plugins/Tags/util/renderTagBody.ts
@@ -6,6 +6,9 @@ import { findTagByName } from "./findTagByName";
 const MAX_TAG_FN_CALLS = 25;
+// This is used to disallow setting/getting default object properties (such as __proto__) in dynamicVars
+const emptyObject = {};
+
 export async function renderTagBody(
 pluginData: GuildPluginData,
 body: TTag,
@@ -22,15 +25,19 @@ export async function renderTagBody(
 ...pluginData.state.tagFunctions,
 set(name, val) {
 if (typeof name !== "string") return;
+ if (emptyObject[name]) return;
 dynamicVars[name] = val;
 },
 setr(name, val) {
 if (typeof name !== "string") return "";
+ if (emptyObject[name]) return;
 dynamicVars[name] = val;
 return val;
 },
 get(name) {
- return !dynamicVars.hasOwnProperty(name) || dynamicVars[name] == null ? "" : dynamicVars[name];
+ if (typeof name !== "string") return "";
+ if (emptyObject[name]) return;
+ return !Object.hasOwn(dynamicVars, name) || dynamicVars[name] == null ? "" : dynamicVars[name];
 },
 tag: async (name, ...subTagArgs) => {
 if (++tagFnCallsObj.calls > MAX_TAG_FN_CALLS) return "";
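Review bot: The `emptyObject` guard introduced here is a truthiness lookup through the prototype chain, so it blocks only names that resolve to a truthy value on `Object.prototype` at call time, and the comment above the constant does not say so. If `dynamicVars` (declared outside the visible hunks) is a plain object literal, creating it with `Object.create(null)` or holding the variables in a `Map` would remove inherited keys altogether and make a denylist unnecessary. If the denylist stays, `name in emptyObject` states the intent more directly than `emptyObject[name]`, and indexing a `{}`-typed constant with a string may need an explicit `Record<string, unknown>` annotation under `noImplicitAny`.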
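Review bot: In `setr` and `get` the new `if (emptyObject[name]) return;` yields `undefined`, while the type guard directly above it returns `""`. For `get` this looks like a behaviour change: assuming `dynamicVars` is an ordinary object, an inherited name such as `toString` previously failed the own-property test and produced `""`. Returning the empty string keeps the paths consistent, `if (emptyObject[name]) return "";`. In `get` the `Object.hasOwn` test already excludes inherited properties, so the extra guard could be dropped there. The object literal holding these methods starts and ends outside the hunk.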