Handle dirty worktrees better and warn about running scripts/review.sh on untrusted code. (#21791)

2026-03-20 19:11:23 -07:00 · 2026-03-10 09:38:26 -07:00
parent 556825f81c
commit 49ea9b0457
2 changed files with 8 additions and 2 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -77,6 +77,10 @@ You can run the review tool in two ways:
    ./scripts/review.sh <PR_NUMBER> [model]
    ```

+    **Warning:** If you run `scripts/review.sh`, you must have first verified
+    that the code for the PR being reviewed is safe to run and does not contain
+    data exfiltration attacks.
+
    **Authors are strongly encouraged to run this script on their own PRs**
    immediately after creation. This allows you to catch and fix simple issues
    locally before a maintainer performs a full review.