CVE-2026-12537

Google Cloud · Gemini CLI

An OS command injection vulnerability in Google Gemini CLI allows unprivileged attackers to achieve host-level code execution during CI/CD processes.

Executive summary

The Google Gemini CLI and associated GitHub Action are susceptible to critical OS command injection that allows unprivileged attackers to execute code at the host level.

Vulnerability

The container launcher improperly neutralizes inputs from a malicious .gemini/.env file. This failure allows an unprivileged attacker to inject OS commands that execute with host-level privileges on headless CI platforms.

Business impact

With a CVSS score of 10.0, this is a maximum-severity vulnerability. Exploitation in a CI/CD environment can lead to total compromise of build servers, exposure of secrets held by the runner, and supply chain poisoning of the artifacts the pipeline produces, undermining trust in every release built on the affected infrastructure.

Remediation

Immediate Action: Update the Google Cloud Gemini CLI to version 0.39.1 or later and the run-gemini-cli GitHub Action to version 0.1.22 or later.

Proactive Monitoring: Audit CI/CD pipeline logs for anomalous file creation or unauthorized command execution patterns following build processes.

Compensating Controls: Implement strict file permission controls in build environments and prevent the processing of untrusted or externally sourced configuration files in sensitive pipelines.
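The following is an added example, not code from the advisory or from the Gemini CLI project. It implements the compensating control above for a repository-supplied `.gemini/.env` file: parse it, reject keys that are not on a CI allowlist and values that carry shell metacharacters, and hand the surviving entries to the container runtime as an argv list so no shell ever re-parses them. The advisory does not describe how the affected launcher built its command line, so the `docker run -e` construction, the allowlist of key names, and the sample file contents are assumptions made for illustration.

```python
"""Screen an untrusted .gemini/.env before a CI job lets a launcher consume it.

Added example for the CVE-2026-12537 advisory; not the project's own code.
The container command shape (docker run -e KEY=VALUE) is an assumption.
"""
import re
import shlex
import subprocess

# Characters a POSIX shell interprets when a value is interpolated into a
# command string. A config value from an untrusted repo has no legitimate
# reason to contain them, so their presence is grounds for rejection.
SHELL_METACHARS = re.compile(r'[;&|`$(){}<>\n\\"\']')
KEY_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$')

# Assumed allowlist of variable names a CI job is willing to forward.
ALLOWED_KEYS = frozenset({"GEMINI_MODEL", "GEMINI_SANDBOX"})


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blanks and '#' comments, strips one
    matching pair of surrounding quotes so quoted values are not penalised."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected KEY=VALUE")
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        entries[key.strip()] = value
    return entries


def screen_entries(entries, allowed_keys=ALLOWED_KEYS):
    """Split entries into (accepted, rejected); rejected maps key -> reason."""
    accepted, rejected = {}, {}
    for key, value in entries.items():
        if not KEY_RE.match(key):
            rejected[key] = "malformed key"
        elif key not in allowed_keys:
            rejected[key] = "key not on CI allowlist"
        elif SHELL_METACHARS.search(value):
            rejected[key] = "shell metacharacter in value"
        else:
            accepted[key] = value
    return accepted, rejected


def build_container_argv(image, env):
    """Each -e KEY=VALUE is its own argv element; nothing is joined into a
    string for a shell, so metacharacters in VALUE cannot change the command."""
    argv = ["docker", "run", "--rm"]
    for key, value in env.items():
        argv += ["-e", f"{key}={value}"]
    argv.append(image)
    return argv


def launch(image, env, dry_run=True):
    """Run the container from an argv list (never shell=True). In dry-run mode
    return the shell-quoted form so a reviewer can see the argument boundaries."""
    argv = build_container_argv(image, env)
    if dry_run:
        return shlex.join(argv)
    return subprocess.run(argv, check=True)


# Constructed sample file for this example: one clean entry, one value that
# would alter a shell-built command line, and one key outside the allowlist.
SAMPLE_DOTENV = """\
# constructed sample, not a real project file
GEMINI_MODEL="gemini-2.5-pro"
GEMINI_SANDBOX=docker; echo not-a-sandbox-flag
UNLISTED_KEY=anything
"""


def screen_file(text, image="example/ci-image:latest"):
    """End-to-end: parse, screen, and produce the dry-run command line."""
    accepted, rejected = screen_entries(parse_dotenv(text))
    return accepted, rejected, launch(image, accepted)


if __name__ == "__main__":
    ok, bad, cmd = screen_file(SAMPLE_DOTENV)
    for key, reason in bad.items():
        print(f"rejected {key}: {reason}")
    print("would run:", cmd)
```

In a pipeline, run this step before any tool reads the checked-out `.gemini/` directory and fail the job when `rejected` is non-empty; the rejection reasons are the log lines the Proactive Monitoring item above asks you to watch for.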

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability represents a critical risk to software supply chain security. Security teams must treat this with the highest urgency, ensuring that all CI/CD runners and CLI instances are updated to the patched versions to prevent unauthorized host access.