Security researchers at Novee Security discovered a critical vulnerability in Google's Gemini CLI tool that could have allowed attackers to execute arbitrary code on host systems and carry out supply chain attacks. The flaw stemmed from Gemini CLI automatically trusting and loading agent configurations from workspace folders without any security checks or human approval, giving attackers with access to those folders the ability to steal credentials, tokens, and source code while gaining lateral movement to downstream systems. Google has since patched the vulnerability in both Gemini CLI and the associated GitHub Action.