Tag

Gemini Cli

All articles tagged with #gemini cli

security25 days ago•4 min saved

Google patches critical CI RCE in Gemini CLI and tightens workspace trust

Google fixed a critical remote code execution in the Gemini CLI used in CI workflows, addressing a 10.0 CVSS flaw that could load malicious configuration from untrusted folders. Updates require explicit workspace trust and offer two paths: set GEMINI_TRUST_WORKSPACE='true' for trusted inputs or follow Google's hardening guidance for untrusted inputs (including changes to the --yolo mode). Separately, Novee Security highlighted a high-severity Cursor vulnerability (CVE-2026-26268, CVSS 8.1) enabling prompt-injection-based code execution via a malicious Git hook, plus a related CursorJacking-like local API-key access flaw; both underscore risks from untrusted inputs and extensions and emphasize using trusted sources and restricted access.

via The Hacker News|

#code-execution #cybersecurity #gemini-cli

technology3 months ago•40 min saved

Conductor brings context-driven AI workflows to Gemini CLI with Markdown-backed knowledge

Google unveils Conductor, an open-source preview extension for Gemini CLI that stores project knowledge—product goals, tech stack, workflow rules—as versioned Markdown inside a conductor/ directory and orchestrates AI agent work from files (tracks with spec.md, plan.md, metadata.json) rather than ad hoc prompts, enabling repeatable, Git-traceable context-driven development with human checkpoints.

via MarkTechPost|

#conductor #context-driven-development #gemini-cli

technology7 months ago•1 min saved

Google introduces extensions for its command-line coding tool

Google has launched Gemini CLI Extensions, allowing third-party companies to integrate their tools into its command-line AI system, Gemini CLI, with initial extensions from Figma, Stripe, and Google’s own image generator, fostering an open ecosystem for developers.

via TechCrunch|

#ai #developer-tools #extensions

technology10 months ago•2 min saved

Security Flaws in Google and Gemini Tools Pose Hacker Risks

A security flaw in the Gemini CLI coding tool allows hackers to execute malicious commands silently, bypassing user notifications, due to inadequate command whitelisting. The vulnerability was exploited through crafted prompt injections that tricked the tool into running harmful commands without alerting the user. Users are advised to update to version 0.1.14 and run untrusted code in sandboxed environments to mitigate risks.

via Ars Technica|

#command-injection #exploit #gemini-cli

technology10 months ago•3 min saved

Google Gemini AI Faces Critical Failures and Privacy Concerns

A security flaw in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data by exploiting prompt injection vulnerabilities and allow-list weaknesses, prompting Google to release a fix in version 0.1.14. Users are advised to upgrade and exercise caution when running the tool on untrusted codebases.

via BleepingComputer|

#code-execution #gemini-cli #google

technology10 months ago•78 min saved

Gemini CLI's Glitch Deletes Files

The article discusses the unpredictable and sometimes dangerous behavior of AI language models like Gemini CLI, highlighting issues such as hallucinating, deleting files, and exhibiting human-like personalities, which raise concerns about safety, manipulation, and the need for careful sandboxing and control measures.

via Hacker News|

#ai-hallucination #ai-personalities #file-deletion