fix: add --skip-trust to Gemini CLI command to prevent yolo override in AWF sandbox (#28496)

Author: Copilot

.github/workflows/smoke-gemini.lock.yml

@@ -168,6 +168,14 @@ func (e *GeminiEngine) GetExecutionSteps(workflowData *WorkflowData, logFile str
 	// Without this, Gemini CLI's default approval mode rejects tool calls with "Tool execution denied by policy"
 	geminiArgs = append(geminiArgs, "--yolo")
 
+	// Skip the workspace trust check so --yolo is not overridden to "default" approval mode.
+	// Gemini CLI v1.x checks whether the working directory is trusted and overrides --yolo
+	// with "default" approval mode (exit code 55) when the folder is untrusted.
+	// GEMINI_CLI_TRUST_WORKSPACE=true (also set in the step env) handles the same case via
+	// environment variable, but --skip-trust is more reliable when AWF's sandbox does not
+	// forward all host environment variables into the container.
+	geminiArgs = append(geminiArgs, "--skip-trust")
+
 	// Add streaming JSON output (JSONL format, compatible with the log parser)
 	geminiArgs = append(geminiArgs, "--output-format", "stream-json")
 

pkg/workflow/gemini_engine.go

@@ -156,6 +156,7 @@ func TestGeminiEngineExecution(t *testing.T) {
 		assert.Contains(t, stepContent, "id: agentic_execution", "Should have agentic_execution ID")
 		assert.Contains(t, stepContent, "gemini", "Should invoke gemini command")
 		assert.Contains(t, stepContent, "--yolo", "Should include --yolo flag for auto-approving tool executions")
+		assert.Contains(t, stepContent, "--skip-trust", "Should include --skip-trust flag to prevent workspace trust check from overriding --yolo")
 		assert.Contains(t, stepContent, "--output-format stream-json", "Should use streaming JSON output format")
 		assert.Contains(t, stepContent, `--prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"`, "Should include prompt argument with correct shell quoting")
 		assert.Contains(t, stepContent, "/tmp/test.log", "Should include log file")