Skip to content

Harden remote installer security warning#7179

Draft
Imagineer99 wants to merge 2 commits into
unslothai:mainfrom
Imagineer99:fix/remote-installer-warning
Draft

Harden remote installer security warning#7179
Imagineer99 wants to merge 2 commits into
unslothai:mainfrom
Imagineer99:fix/remote-installer-warning

Conversation

@Imagineer99

Copy link
Copy Markdown
Collaborator

Summary

  • identify URL-based agent installers as unverified third-party code
  • state that Unsloth does not pin or verify downloaded content and tell users to continue only if they trust the source
  • preserve the current interactive, default-no confirmation and auto-install behavior

Tests

  • python -m pytest -q unsloth_cli/tests/test_start.py (209 passed, 3 skipped)
  • python -m pytest -q tests/security (171 passed)
  • ruff check unsloth_cli/commands/start.py unsloth_cli/tests/test_start.py

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the security warning displayed to users when installing an agent from an external source, explicitly warning them about executing unverified third-party scripts. The corresponding unit tests have been updated to assert the new warning messages. There are no review comments to address, and the changes look solid.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant