The Trust Boundary You Did Not Know You Had - Configuration Files, Pull Requests, and the Gemini CLI Hook CVE
Modern pull request review is built on a clean trust boundary. Code in the PR is untrusted until reviewers approve it. Configuration in the PR is treated as ambient context, more or less along for the ride. The Gemini CLI hook CVE that landed in May 2026 made it