From 041e7c177caf4725d5089b7af38c6d9afcbce10b Mon Sep 17 00:00:00 2001
From: Mark McDonald <macd@google.com>
Date: Thu, 12 Jun 2025 13:49:58 +0800
Subject: [PATCH] Added note about using MCP/tools with a sandbox (#933)

---
 docs/tools/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/tools/index.md b/docs/tools/index.md
index 2efce3bd..56aa8333 100644
--- a/docs/tools/index.md
+++ b/docs/tools/index.md
@@ -33,7 +33,7 @@ You will typically see messages in the CLI indicating when a tool is being calle
 Many tools, especially those that can modify your file system or execute commands (`write_file`, `edit`, `run_shell_command`), are designed with safety in mind. The Gemini CLI will typically:
 
 - **Require Confirmation:** Prompt you before executing potentially sensitive operations, showing you what action is about to be taken.
-- **Utilize Sandboxing:** All tools are subject to restrictions enforced by sandboxing (see [README](../../README.md#sandboxing)).
+- **Utilize Sandboxing:** All tools are subject to restrictions enforced by sandboxing (see [README](../../README.md#sandboxing)). This means that when operating in a sandbox, any tools (including MCP servers) you wish to use must be available _inside_ the sandbox environment. For example, to run an MCP server through `npx`, the `npx` executable must be installed within the sandbox's Docker image or be available in the `sandbox-exec` environment.
 
 It's important to always review confirmation prompts carefully before allowing a tool to proceed.