
Handle dirty worktrees better and warn about running scripts/review.sh on untrusted code. #21791

Merged
jacob314 merged 2 commits into main from review_script_polish on Mar 10, 2026

Conversation

@jacob314
Contributor

@jacob314 jacob314 commented Mar 10, 2026

Summary

Fix issue where review.sh could fail if there were local changes on the branch for the review

Add warning about how to safely run review.sh.

Fixes #21793

@jacob314 jacob314 requested a review from a team as a code owner March 10, 2026 00:22
@gemini-cli
Contributor

gemini-cli bot commented Mar 10, 2026

Hi @jacob314, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

@gemini-code-assist
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist[1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the robustness and security of the code review process. It improves the review.sh script by ensuring a clean Git worktree for each review, preventing conflicts from prior states. Additionally, it introduces a critical security warning in the contributing guidelines, educating users about the risks of executing untrusted code and the importance of prior verification.

Highlights

  • Enhanced review.sh script: The scripts/review.sh script now performs a git reset --hard and git clean -fd before checking out a pull request, ensuring a clean worktree and preventing issues from previous runs or local modifications. It also explicitly checks out to a review-$pr branch.
  • Security Warning in CONTRIBUTING.md: A new warning has been added to CONTRIBUTING.md advising users to verify the safety of PR code before running scripts/review.sh to prevent potential data exfiltration attacks.
Changelog
  • CONTRIBUTING.md
    • Added a security warning regarding running scripts/review.sh on untrusted code.
  • scripts/review.sh
    • Modified the PR checkout process to include git reset --hard and git clean -fd for a clean worktree.
    • Changed the gh pr checkout command to explicitly use a review-$pr branch.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature               Command                  Description
Code Review           /gemini review           Performs a code review for the current pull request in its current state.
Pull Request Summary  /gemini summary          Provides a summary of the current pull request in its current state.
Comment               @gemini-code-assist      Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help                  /gemini help             Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-cli
Contributor

gemini-cli bot commented Mar 10, 2026

Hi there! Thank you for your contribution to Gemini CLI.

To improve our contribution process and better track changes, we now require all pull requests to be associated with an existing issue, as announced in our recent discussion and as detailed in our CONTRIBUTING.md.

This pull request is being closed because it is not currently linked to an issue. Once you have updated the description of this PR to link an issue (e.g., by adding Fixes #123 or Related to #123), it will be automatically reopened.

How to link an issue:
Add a keyword followed by the issue number (e.g., Fixes #123) in the description of your pull request. For more details on supported keywords and how linking works, please refer to the GitHub Documentation on linking pull requests to issues.

Thank you for your understanding and for being a part of our community!

@gemini-cli gemini-cli bot closed this Mar 10, 2026
@github-actions

github-actions bot commented Mar 10, 2026

Size Change: -4 B (0%)

Total Size: 26.1 MB

Filename Size Change
./bundle/gemini.js 25.7 MB -4 B (0%)
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js 221 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js 227 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js 11.5 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js 132 B 0 B
./bundle/sandbox-macos-permissive-open.sb 890 B 0 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB 0 B
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB 0 B
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB 0 B
./bundle/sandbox-macos-strict-open.sb 4.82 kB 0 B
./bundle/sandbox-macos-strict-proxied.sb 5.02 kB 0 B

compressed-size-action

@jacob314 jacob314 reopened this Mar 10, 2026
Contributor

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

The pull request updates CONTRIBUTING.md with a warning about running scripts/review.sh on untrusted code and enhances scripts/review.sh by ensuring a clean worktree and checking out PRs into a dedicated branch. However, a critical security vulnerability remains as the review.sh script still proceeds to install and run code from external pull requests without an interactive warning, which could lead to Remote Code Execution (RCE) if the PR contains malicious code.

# 4. Checkout the PR
echo "review: Checking out PR $pr..."
gh pr checkout "$pr" -f -R "$REPO"
echo "review: Cleaning worktree and checking out PR $pr..."
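Review bot: the renamed step on the last line ("Cleaning worktree and checking out PR") is where, per the changelog above, `git reset --hard` and `git clean -fd` now run before the checkout; that makes the script succeed on a dirty worktree by silently destroying the reviewer's uncommitted edits and untracked files rather than handling them. Guard it with a `git status --porcelain` check that aborts (or stashes) when anything is pending, and note that `git clean -fd` without `-x` leaves ignored files such as a previous PR's node_modules in place, so the worktree is less fresh than the message suggests.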
Copy link
Contributor


security-critical critical

The pull request title claims to "warn about running scripts/review.sh on untrusted code," but the implementation fails to add any such warning. The script proceeds to execute npm install (line 86) and npm start (line 131) on code checked out from an external Pull Request. This allows for Remote Code Execution (RCE) if the PR contains malicious code (e.g., in package.json scripts). The absence of the promised warning significantly increases the risk of a developer compromising their machine.

Suggested change
echo "review: Cleaning worktree and checking out PR $pr..."
echo "WARNING: This script will install and run code from PR $pr. Only run this on trusted code."
read -p "Do you want to continue? (y/N) " confirm
if [[ $confirm != [yY] ]]; then exit 1; fi
echo "review: Cleaning worktree and checking out PR $pr..."
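
The gate the review above asks for, written out as an added example that is not the project's scripts/review.sh: a pre-flight that refuses to proceed on a dirty worktree (so the reset/clean step never discards local work) and requires an explicit confirmation before anything from the PR is installed or run. The function names, the throwaway scratch repository and the exit-code convention are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not the project's scripts/review.sh): pre-flight checks a PR-review
# script can run before it installs and starts code from an external pull request.
set -eu

# Return 0 if the worktree at $1 has uncommitted or untracked changes, i.e. anything
# that `git reset --hard` / `git clean -fd` would destroy; return 1 if it is clean.
worktree_is_dirty() {
  local dir="$1"
  [ -n "$(git -C "$dir" status --porcelain --untracked-files=all)" ]
}

# Ask for explicit confirmation before running code from PR $1.
# The answer is read from stdin (so the gate can be driven by a pipe in tests) and
# anything other than y/Y, including EOF when run unattended, refuses: fail closed.
confirm_untrusted_run() {
  local pr="$1" answer=""
  printf 'WARNING: this will run npm install and npm start on code from PR %s.\n' "$pr" >&2
  printf 'Only continue if you have read the PR diff. Continue? (y/N) ' >&2
  IFS= read -r answer || answer=""
  case "$answer" in
    y|Y) return 0 ;;
    *)   return 1 ;;
  esac
}

# Gate for the review flow: return 2 on a dirty worktree, 1 when the operator declines,
# 0 when it is safe to go on to clean, check out review-$pr, npm install and npm start.
review_preflight() {
  local dir="$1" pr="$2"
  if worktree_is_dirty "$dir"; then
    echo "review: worktree has local changes; commit or stash them before reviewing PR $pr" >&2
    return 2
  fi
  if ! confirm_untrusted_run "$pr"; then
    echo "review: aborted, PR $pr code was not run" >&2
    return 1
  fi
  echo "review: ok to clean worktree and check out review-$pr"
}

# Constructed sample state: a throwaway repository with one untracked file,
# the kind of dirty worktree the checks above are meant to catch.
make_demo_repo() {
  local dir
  dir="$(mktemp -d)"
  git -C "$dir" init -q
  echo "scratch notes" > "$dir/scratch.txt"
  printf '%s' "$dir"
}

# Demo run: `bash this_script.sh demo` shows the dirty-worktree refusal, then success.
if [ "${1:-}" = "demo" ]; then
  repo="$(make_demo_repo)"
  echo y | review_preflight "$repo" 21791 || echo "preflight returned $?"
  rm -f "$repo/scratch.txt"
  echo y | review_preflight "$repo" 21791
fi
```

The dirty check includes untracked files because `git clean -fd` deletes them, and the confirmation is read with `read -r` from stdin rather than assuming a terminal, so an unattended run (CI, a script piped from elsewhere) hits EOF and stops instead of silently installing and starting PR code.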

@gemini-cli gemini-cli bot added the area/platform Issues related to Build infra, Release mgmt, Testing, Eval infra, Capacity, Quota mgmt label Mar 10, 2026
@jacob314 jacob314 added this pull request to the merge queue Mar 10, 2026
Merged via the queue into main with commit 49ea9b0 Mar 10, 2026
27 checks passed
@jacob314 jacob314 deleted the review_script_polish branch March 10, 2026 16:50
JaisalJain pushed a commit to JaisalJain/gemini-cli that referenced this pull request Mar 11, 2026
kunal-10-cloud pushed a commit to kunal-10-cloud/gemini-cli that referenced this pull request Mar 12, 2026
liamhelmer pushed a commit to badal-io/gemini-cli that referenced this pull request Mar 12, 2026
DavidAPierce pushed a commit that referenced this pull request Mar 16, 2026
yashodipmore pushed a commit to yashodipmore/geemi-cli that referenced this pull request Mar 21, 2026

Labels

area/platform Issues related to Build infra, Release mgmt, Testing, Eval infra, Capacity, Quota mgmt

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Make review.sh work even if the branch has local changes

2 participants