A security flaw in Google's Gemini CLI tool could have let attackers run harmful commands and steal data without detection by exploiting trusted programs. Discovered by Tracebit and patched in version 0.1.14, the issue stemmed from how the AI-powered coding assistant processed context files like README.md.
Attackers could hide malicious instructions in these files, tricking Gemini CLI into executing unauthorized commands—such as data exfiltration—if the user had allowlisted a seemingly safe program like grep. The tool’s weak command parsing and visual output manipulation made the attack stealthy.
While exploitation required specific conditions, the risk highlights broader dangers of AI coding assistants being manipulated. Google has fixed the issue, but users should update immediately and avoid scanning untrusted codebases. Other AI tools like OpenAI Codex were found unaffected due to stricter safeguards.
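The "allowlisted program" weakness described above, in simplified form as an added illustration (this is not Gemini CLI's own code and does not reproduce its actual parser): a check that only inspects the leading program name accepts a string that chains a second command behind the allowlisted one, while a stricter check tokenizes the string, refuses shell control operators and command substitution, and hands back an argv array to run without a shell. The allowlist contents and the shape of the weak check are assumptions.

```python
"""Added example: allowlisting a program name vs. allowlisting a command."""
import shlex

ALLOWLIST = {"grep", "ls", "cat"}   # constructed allowlist for the demo
OPERATOR_CHARS = set("();<>|&")      # shell control / redirection characters


def weak_is_allowed(command: str) -> bool:
    """Assumed model of a weak check: only the leading word is examined.

    Whatever follows the program name, including an operator that starts a
    second command, is never looked at.
    """
    words = command.split()
    return bool(words) and words[0] in ALLOWLIST


def hardened_parse(command: str):
    """Return argv for exactly one allowlisted simple command, else None.

    Refuses newlines, command substitution, shell operators and redirections,
    so the result can be executed as an argv array with no shell involved.
    Conservative on purpose: a quoted ';' passed as a grep pattern is also
    refused, because after quote removal it is indistinguishable from the
    operator.
    """
    if "\n" in command or "`" in command or "$(" in command or "${" in command:
        return None                                   # substitution / extra line
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True                     # keep paths like a/b.py whole
    try:
        argv = list(lexer)
    except ValueError:                                # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWLIST:
        return None
    # With punctuation_chars=True, operator runs (';', '&&', '|', '>' ...) come
    # back as their own tokens; any such token means a second command or a
    # redirect is hiding behind the allowlisted program.
    if any(tok and set(tok) <= OPERATOR_CHARS for tok in argv[1:]):
        return None
    return argv
```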
