Safety First
Gemini CLI is a powerful tool that can execute shell commands and modify files on your system. To limit the damage a wrong or manipulated command can do, it provides several safeguards; none of them replaces reading what the agent is about to run.
The Approval Workflow
By default, Gemini CLI runs interactively and asks for confirmation before executing any tool that changes state, such as run_shell_command, write_file or replace; read-only tools such as reading or searching files do not prompt. The prompt shows the exact command or the file diff, and you can approve it once, allow that tool for the rest of the session, or reject it. Read the command itself, not just the agent's description of what it intends: the approval prompt is the last point at which a bad command can be stopped, and "allow always" for run_shell_command hands over that control for the whole session.
Sandboxing
For riskier tasks, such as running code you have not reviewed or letting the agent work through a long chain of commands, enable sandboxing with the --sandbox (-s) flag, the GEMINI_SANDBOX environment variable, or the sandbox setting in settings.json. Tool execution then happens inside a container (Docker or Podman; on macOS the built-in Seatbelt sandbox is also supported). Two caveats: the project directory is mounted into the sandbox so the agent can do its work, so changes to files inside it do reach the host; and the sandbox constrains what the agent's shell can touch, not what it can read and send to the model. Treat it as containment for the rest of your filesystem, not as a substitute for the approval prompts.
Risks of YOLO Mode
The --yolo flag (-y, "You Only Live Once") auto-approves every tool call: the agent runs commands as soon as it decides on them. That removes the only point at which you see a command before it executes, so a hallucinated rm -rf / or git push --force goes straight through. The agent also acts on whatever it reads, so a README, a test fixture or a fetched web page that contains instructions can steer it (prompt injection), and with --yolo nothing stops the resulting commands. Use it only inside a sandbox or a disposable VM or container that holds no credentials you care about, and only on a checkout you can recreate.
Protecting Secrets
Never paste API keys, passwords or tokens into the chat: everything in the conversation, including the contents of files the agent reads, is sent to the model API and may end up in logs or saved sessions. Keep .env files and other credential files out of the agent's reach with .gitignore (and .geminiignore, which Gemini CLI honours when reading the workspace), and have the agent reference secrets by environment variable name rather than hardcoding values. Note the limit of that advice: run_shell_command inherits the environment of the shell you started the CLI from, so env or echo $AWS_SECRET_ACCESS_KEY will still put the value into the conversation. Start the CLI from a shell that carries only the credentials it actually needs.
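The two practices above, a sandboxed launch for risky or YOLO-style sessions and a shell environment stripped of credentials, can be combined in a small launcher. The script below is an added example, not code from the Gemini CLI project. It assumes gemini is on PATH and honours the documented --sandbox flag and GEMINI_SANDBOX variable; the allow and deny patterns, the function names, and the --run convention are this example's own choices, and GEMINI_API_KEY is deliberately let through because the CLI itself authenticates with it.

```shell
#!/bin/sh
# Added example, not code from the Gemini CLI project: start the agent with a
# scrubbed environment and sandboxing forced on, so secrets in your shell never
# reach run_shell_command and writes outside the project stay contained.
# Assumed: `gemini` is on PATH and accepts --sandbox / GEMINI_SANDBOX.

# Variables the CLI and its tools genuinely need. GEMINI_API_KEY is kept since
# the CLI authenticates with it; it is therefore still visible to any shell
# command the agent runs, which is one more reason to keep the prompts on.
ALLOW_RE='^(PATH|HOME|USER|SHELL|TERM|LANG|LC_[A-Z]+|TMPDIR|XDG_[A-Z_]+|GIT_[A-Z_]+|GEMINI_API_KEY)$'
# Names that look like credentials are dropped even if an allow rule matched
# (defence in depth against an allow pattern that is broader than intended).
DENY_RE='(SECRET|TOKEN|PASSWORD|PASSWD|CREDENTIAL|PRIVATE)'

# sh_quote: single-quote a value so it survives being re-parsed by `sh -c`.
# Trailing newlines in the value are dropped by the command substitution.
sh_quote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# scrub_env: emit one `export NAME='value'` line per variable that passes the
# filter. Only the first line of a multi-line value is considered; the rest
# fails the identifier check and is skipped.
scrub_env() {
    while IFS= read -r kv; do
        case "$kv" in *=*) ;; *) continue ;; esac          # continuation line
        name=${kv%%=*}
        case "$name" in ''|*[!A-Za-z0-9_]*) continue ;; esac # not an identifier
        if printf '%s' "$name" | grep -Eq "$ALLOW_RE" \
           && ! printf '%s' "$name" | grep -Eq "$DENY_RE"; then
            printf 'export %s=%s\n' "$name" "$(sh_quote "${kv#*=}")"
        fi
    done <<EOF
$(env)
EOF
}

# launch_gemini: run the CLI in an empty environment (env -i) rebuilt only from
# scrub_env, with the Docker sandbox selected (use podman or sandbox-exec on
# macOS as appropriate). Extra arguments are passed through to gemini.
launch_gemini() {
    env -i GEMINI_SANDBOX=docker /bin/sh -c \
        "$(scrub_env); exec gemini --sandbox \"\$@\"" sh "$@"
}

# Usage: ./safe-gemini.sh --run [gemini args...]
if [ "${1:-}" = "--run" ]; then
    shift
    launch_gemini "$@"
fi
```

Because env -i starts from nothing, anything not matched by ALLOW_RE simply does not exist inside the session; the deny list only guards against a later widening of the allow pattern. If the agent needs a credential for its task, pass it through the approval workflow on a per-command basis rather than adding it to the allow list.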