feat(ci): bulletproof gemini-review workflow by removing tools whitelists and using default toolbox (#123)

DeanChensj · web-flow · commit 1a824e0c79f5 · 2026-05-04T20:40:04.000-07:00
diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml
@@ -90,24 +90,10 @@ jobs:
                     "GITHUB_PERSONAL_ACCESS_TOKEN",
                     "ghcr.io/github/github-mcp-server:v0.27.0"
                   ],
-                  "includeTools": [
-                    "add_comment_to_pending_review",
-                    "pull_request_read",
-                    "pull_request_review_write"
-                  ],
                   "env": {
                     "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}"
                   }
                 }
-              },
-              "tools": {
-                "core": [
-                  "run_shell_command(cat)",
-                  "run_shell_command(echo)",
-                  "run_shell_command(grep)",
-                  "run_shell_command(head)",
-                  "run_shell_command(tail)"
-                ]
               }
             }
           prompt: 'Please use the pull_request_read tool to read this PR. Analyze the code for bugs, security issues, and best practices. Then, use the add_comment_to_pending_review and pull_request_review_write tools to post your review directly.'
