How the Google Gemini CLI Flaw Turned CI/CD Pipelines into Remote Code Execution Risk

A critical remote code execution (RCE) vulnerability in the Google Gemini CLI and its associated GitHub Action exposed a startling weakness in how AI tooling can interact with developer infrastructure. Rated with the maximum CVSS score of 10.0, the bug allowed unprivileged external actors to execute commands on the machines running CI/CD workflows. This wasn’t a prompt-injection trick against a