diff --git a/lib/macos/scripts/repro-escape-bug-install.sh b/lib/macos/scripts/repro-escape-bug-install.sh
new file mode 100755
index 00000000..cdf82bce
--- /dev/null
+++ b/lib/macos/scripts/repro-escape-bug-install.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Minimal repro for Fleet GitOps backslash-escape stripping bug.
+#
+# GitOps validation requires "$" to be escaped as "\$" so that Fleet does
+# not try to resolve "$VAR" as a repo-level environment variable at
+# validation time. The expectation is that Fleet strips the leading
+# backslash before delivering the script to the endpoint, so the host
+# receives a normal bash script containing "$EUID", "$USER", etc.
+#
+# If the delivered install script (visible in Fleet UI > Software >
+# this package > Advanced options > Install script) still contains
+# "\$EUID" / "\$USER" / "\$HOME" / "\$CURRENT_USER", the unescape step
+# is missing between GitOps ingestion and script delivery, and bash on
+# the target host will emit errors such as:
+# line N: \$EUID: command not found
+#
+# Target: macOS workstation (self-service install).
+
+set -eu
+
+CURRENT_USER=$(/usr/bin/stat -f%Su /dev/console)
+
+echo "repro: EUID=\$EUID USER=\$USER HOME=\$HOME CURRENT_USER=\$CURRENT_USER"
+
+if [ "\$EUID" -ne 0 ]; then
+ echo "repro: not running as root (EUID=\$EUID)" >&2
+ exit 1
+fi
+
+echo "repro: invoking user is \$USER, console user is \$CURRENT_USER, home is \$HOME"
+exit 0
diff --git a/teams/workstations.yml b/teams/workstations.yml
index 67eaefc4..d7c023e1 100644
--- a/teams/workstations.yml
+++ b/teams/workstations.yml
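Review bot: In repro-escape-bug-install.sh the root guard `if [ "\$EUID" -ne 0 ]` fails open in exactly the case this repro is meant to expose. Inside double quotes bash treats `\$` as a literal `$`, so if the backslashes arrive unstripped the test compares the string `$EUID`, `[` returns status 2 with "integer expression expected", the `if` body is skipped and the script reaches `exit 0`. The install would then be reported as successful, and the `command not found` error named in the header comment would not appear, because every escaped variable in this script sits inside double quotes. Consider an explicit check ahead of the guard so an unstripped delivery exits non-zero, e.g. `case "\$EUID" in ''|*[!0-9]*) echo "repro: EUID was not expanded" >&2; exit 2 ;; esac`.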
@@ -4,6 +4,20 @@ queries:
 agent_options:
 controls:
 software:
+ packages:
+ # Repro for Fleet GitOps backslash-escape stripping bug.
+ # A tiny, always-available macOS .pkg is used only as a carrier for
+ # the inline install script under lib/macos/scripts/repro-escape-bug-install.sh.
+ # The script contains escaped bash variables (\$EUID, \$USER, \$HOME,
+ # \$CURRENT_USER). Fleet GitOps validation rejects unescaped "$VAR"
+ # because it tries to resolve them as repo-level env vars, so the
+ # backslash escape is mandatory at ingestion time. The bug is that
+ # the backslash is still present when the install script is delivered
+ # to the host, causing shell errors on install.
+ - url: https://github.com/macadmins/installomator/releases/download/v10.7/Installomator-10.7.pkg
+ self_service: true
+ install_script:
+ path: ../lib/macos/scripts/repro-escape-bug-install.sh
 team_settings:
 secrets:
 - secret: "$FLEET_WORKSTATIONS_ENROLL_SECRET"
\ No newline at end of file
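Review bot: The new `packages` entry pulls the carrier .pkg from a release URL with no integrity pin and offers it with `self_service: true` in the workstations team file. The version in the path names a release but does not fix the bytes, so whatever that URL serves when Fleet fetches it is what hosts in this team can install. If the Fleet version in use supports it, add a digest next to `url`, e.g. `hash_sha256: <sha256 of Installomator-10.7.pkg>`, so a changed asset is rejected instead of installed. Since this is a bug repro rather than managed software, it would also be safer in a dedicated test team than in this file, and removed once the upstream issue is confirmed.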