security: strip deceptive Unicode characters from terminal output (#19026)

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

packages/cli/src/ui/components/messages/ToolConfirmationMessage.test.tsx

@@ -8,6 +8,7 @@ import { describe, it, expect, vi } from 'vitest';
 import { ToolConfirmationMessage } from './ToolConfirmationMessage.js';
 import type {
   SerializableConfirmationDetails,
+  ToolCallConfirmationDetails,
   Config,
 } from '@google/gemini-cli-core';
 import { renderWithProviders } from '../../../test-utils/render.js';
@@ -372,4 +373,35 @@ describe('ToolConfirmationMessage', () => {
       unmount();
     });
   });
+
+  it('should strip BiDi characters from MCP tool and server names', async () => {
+    const confirmationDetails: ToolCallConfirmationDetails = {
+      type: 'mcp',
+      title: 'Confirm MCP Tool',
+      serverName: 'test\u202Eserver',
+      toolName: 'test\u202Dtool',
+      toolDisplayName: 'Test Tool',
+      onConfirm: vi.fn(),
+    };
+
+    const { lastFrame, waitUntilReady, unmount } = renderWithProviders(
+      <ToolConfirmationMessage
+        callId="test-call-id"
+        confirmationDetails={confirmationDetails}
+        config={mockConfig}
+        availableTerminalHeight={30}
+        terminalWidth={80}
+      />,
+    );
+    await waitUntilReady();
+
+    const output = lastFrame();
+    // BiDi characters \u202E and \u202D should be stripped
+    expect(output).toContain('MCP Server: testserver');
+    expect(output).toContain('Tool: testtool');
+    expect(output).toContain('Allow execution of MCP tool "testtool"');
+    expect(output).toContain('from server "testserver"?');
+    expect(output).toMatchSnapshot();
+    unmount();
+  });
 });