News

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs.

By embedding malicious Python code in various ways via a prompt, attackers can exploit the vulnerability to execute arbitrary code within the context of the process running PandasAI.

This allows the Python code to be executed directly in a browser-based Excel add-in. PyScript is based on Pyodide, a project originally launched by Mozilla for Python applications in the browser.