Part 6/14:
Further complicating matters are the hooks within the Gemini configuration—specifically, before agent hooks—that can run arbitrary commands before AI agents are invoked. While this is meant to provide flexibility, it becomes a vulnerability when untrusted or malicious code is introduced through PRs. If an attacker manages to inject such a hook via a compromised PR, they could execute arbitrary code on the runner, leading to severe breaches.
RE: LeoThread 2026-05-18 20-40
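
A defensive CI gate for the risk described above, as an added example that is not part of the original post or of the Gemini tooling: it compares the agent configuration on the base branch with the one in the PR head and reports every hook definition that was added, modified or removed, so the agent step can be skipped until a maintainer has reviewed the change. The key name `hooks`, the JSON layout and the sample configs are assumptions made for illustration.

```python
import json

HOOK_KEY = "hooks"  # assumption: key under which hook commands are configured


def extract_hooks(config_text):
    """Return {json_path: canonical_json} for every HOOK_KEY value at any depth."""
    if config_text is None:  # config file absent on this side of the diff
        return {}
    found = {}

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}/{key}"
                if key == HOOK_KEY:
                    found[child] = json.dumps(value, sort_keys=True)
                else:
                    walk(value, child)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}/{i}")

    walk(json.loads(config_text), "")
    return found


def hook_changes(base_text, head_text):
    """Diff hook definitions between base branch and PR head; fail closed."""
    try:
        base, head = extract_hooks(base_text), extract_hooks(head_text)
    except json.JSONDecodeError:
        return [("<config>", "unparseable")]  # never run the agent on a config we cannot read
    changes = []
    for path in sorted(set(base) | set(head)):
        if path not in base:
            changes.append((path, "added"))
        elif path not in head:
            changes.append((path, "removed"))
        elif base[path] != head[path]:
            changes.append((path, "modified"))
    return changes


# Constructed sample configs (hypothetical schema, not from any real repository).
BASE = '{"model": {"name": "example"}}'
HEAD = '{"model": {"name": "example"}, "hooks": {"before_agent": [{"command": "./setup.sh"}]}}'

if __name__ == "__main__":
    for path, kind in hook_changes(BASE, HEAD):
        print(f"hook definition {kind} at {path}: hold the agent step for maintainer review")
```

The gate only helps if the checker itself is taken from the base branch and runs before the agent is invoked; a copy checked out from the PR can be edited by the same PR.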