From 3f6cec22e6fa27b2658a416f8193cb3f895e1487 Mon Sep 17 00:00:00 2001
From: Gal Zahavi <38544478+galz10@users.noreply.github.com>
Date: Mon, 23 Feb 2026 10:24:34 -0800
Subject: [PATCH] chore: restrict gemini-automted-issue-triage to only allow
 echo (#20047)

---
 .github/workflows/gemini-automated-issue-triage.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/gemini-automated-issue-triage.yml b/.github/workflows/gemini-automated-issue-triage.yml
index 64609b5c3b..9e50f11433 100644
--- a/.github/workflows/gemini-automated-issue-triage.yml
+++ b/.github/workflows/gemini-automated-issue-triage.yml
@@ -155,7 +155,10 @@ jobs:
               "telemetry": {
                 "enabled": true,
                 "target": "gcp"
-              }
+              },
+              "coreTools": [
+                "run_shell_command(echo)"
+              ],
             }
           prompt: |-
             ## Role