diff --git a/lib/undefsafe.js b/lib/undefsafe.js
index 60663b0..7446878 100644
--- a/lib/undefsafe.js
+++ b/lib/undefsafe.js
@@ -99,6 +99,10 @@ function undefsafe(obj, path, value, __res) {
 return res;
 }
 
+ if (Object.getOwnPropertyNames(obj).indexOf(key) == -1) {
+ return undefined;
+ }
+
 obj = obj[key];
 if (obj === undefined || obj === null) {
 break;
diff --git a/test/misc.test.js b/test/misc.test.js
new file mode 100644
index 0000000..b871f76
--- /dev/null
+++ b/test/misc.test.js
@@ -0,0 +1,11 @@
+var test = require('tap').test;
+var undefsafe = require('../lib/undefsafe');
+
+test('cannot modify prototype chain', function(t) {
+ const pre = {}.__proto__.toString;
+ var payload = '__proto__.toString';
+ undefsafe({ a: 'b' }, payload, 'JHU');
+ t.notEqual({}.toString, 'JHU');
+ ({}.__proto__.toString = pre); // restore
+ t.end();
+});
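Review bot: The new guard in front of `obj = obj[key];` has no comment saying it is a prototype-pollution defence, and it builds the full own-name array on every path segment and compares with loose `==`. I would write it as `// own keys only: inherited names such as __proto__ must not be traversed` followed by `if (!Object.prototype.hasOwnProperty.call(obj, key)) {`, which gives the same answer for string keys without the allocation. The check does not consult `value`, so it presumably applies to plain reads as well; paths that resolve through inherited members (class getters, prototype methods) would then return `undefined`, which deserves a changelog line. The body of `undefsafe` starts and ends outside the hunk.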
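Review bot: The test pins only the `__proto__` path and only the global side effect, so a later change that narrows the guard to that single name would still pass. I would also assert the call's result, `t.equal(undefsafe({ a: 'b' }, payload, 'JHU'), undefined);` (the value the guard in lib/undefsafe.js should produce here), and repeat the case with an inherited key other than `__proto__`, for instance `constructor`. A positive case that setting an existing own key still works would catch the guard over-blocking.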