diff --git a/.gitea/workflows/auto-pr-tofu-plan.yml b/.gitea/workflows/auto-pr-tofu-plan.yml
index f206d69..d70aa38 100644
--- a/.gitea/workflows/auto-pr-tofu-plan.yml
+++ b/.gitea/workflows/auto-pr-tofu-plan.yml
@@ -118,9 +118,14 @@ jobs:
           chdir: cloudflare
           out: cloudflare.tfplan
 
-      - name: Save plan output to file (with collapsible Markdown)
+      - name: Save plan output to file (with collapsible Markdown, ACT-safe)
         run: |
           mkdir -p tmp
+
+          # Save raw plan output first
+          echo "${{ steps.tofu_plan.outputs.plan-output }}" > tmp/tofu-plan-raw.txt
+
+          # Build Markdown file safely
           {
             echo "## 🧩 OpenTofu Plan — Cloudflare"
             echo "**Branch:** \`${{ github.ref_name }}\`"
@@ -130,15 +135,17 @@ jobs:
             echo "<details><summary>🪶 Click to expand full plan output</summary>"
             echo ""
             echo '```hcl'
-            printf "%s\n" "${{ steps.tofu_plan.outputs.plan-output }}"  # safer than 'cat <<<'
+            cat tmp/tofu-plan-raw.txt
             echo '```'
             echo ""
             echo "</details>"
             echo ""
             echo "*(This plan was automatically generated by the workflow.)*"
           } > tmp/tofu-plan.md
+
           echo "Plan file saved: tmp/tofu-plan.md ($(wc -c < tmp/tofu-plan.md) bytes)"
 
+
       - name: Comment full Tofu Plan on PR (safe)
         uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
         with: