docs(extensions): clarify env var sanitization policy for MCP and ext… (#22854)

Co-authored-by: Jack Wotherspoon <jackwoth@google.com>
Co-authored-by: Jenna Inouye <jinouye@google.com>

docs/extensions/reference.md

@@ -210,6 +210,22 @@ To update an extension's settings:
 gemini extensions config <name> [setting] [--scope <scope>]
 ```
 
+#### Environment variable sanitization
+
+For security reasons, sensitive environment variables are filtered out and not
+passed to extensions or MCP servers by default.
+
+Extensions **will not** inherit the user's full shell environment variables.
+They will only have access to:
+
+1. Standard safe variables (e.g., `HOME`, `PATH`, `TMPDIR`).
+2. Variables explicitly declared and requested in the `gemini-extension.json`
+   manifest via the `settings` array (using the `envVar` property).
+
+If your extension requires specific environment variables (like an API key,
+custom host, or config path), you **must** declare them in the `settings` array
+so the CLI can allowlist them for use within the extension.
+
 ### Custom commands
 
 Provide [custom commands](../cli/custom-commands.md) by placing TOML files in a

docs/extensions/writing-extensions.md

@@ -159,6 +159,13 @@ When a user installs this extension, Gemini CLI will prompt them to enter the
 `sensitive` is true) and injected into the MCP server's process as the
 `MY_SERVICE_API_KEY` environment variable.
 
+> **Important (Environment Variable Sanitization):** For security reasons,
+> sensitive environment variables are filtered out and not passed to extensions
+> or MCP servers by default. Extensions will _only_ have access to environment
+> variables that are explicitly declared in the `settings` array using the
+> `envVar` property, plus a few standard safe variables. Do not expect host
+> environment variables to be available otherwise.
+
 ## Step 4: Link your extension
 
 Link your extension to your Gemini CLI installation for local development.