diff --git a/Library/Homebrew/api/cask-source.rb b/Library/Homebrew/api/cask-source.rb
index 0c1cd67a21..1573ae485d 100644
--- a/Library/Homebrew/api/cask-source.rb
+++ b/Library/Homebrew/api/cask-source.rb
@@ -10,18 +10,25 @@ module Homebrew
       class << self
         extend T::Sig
 
+        CASK_TOKEN_REGEX = %r{^(homebrew/cask/)?[a-z0-9\-_]+$}.freeze
+
         sig { params(token: String).returns(Hash) }
         def fetch(token)
-          token = token.sub(%r{^homebrew/cask/}, "")
+          token = token.delete_prefix("homebrew/cask/")
           Homebrew::API.fetch "cask-source/#{token}.rb", json: false
         end
 
         sig { params(token: String).returns(T::Boolean) }
         def available?(token)
-          fetch token
-          true
-        rescue ArgumentError
-          false
+          # Sanity check before hitting the API
+          return false unless token.match?(CASK_TOKEN_REGEX)
+
+          begin
+            fetch token
+            true
+          rescue ArgumentError
+            false
+          end
         end
       end
     end