diff --git a/pr_agent/git_providers/gerrit_provider.py b/pr_agent/git_providers/gerrit_provider.py
index ced150c915..be0de5354c 100644
--- a/pr_agent/git_providers/gerrit_provider.py
+++ b/pr_agent/git_providers/gerrit_provider.py
@@ -342,10 +342,22 @@ def split_suggestion(self, msg) -> tuple[str, str]:
 def publish_code_suggestions(self, code_suggestions: list):
 msg = []
+ repo_root = pathlib.Path(self.repo_path).resolve()
 for suggestion in code_suggestions:
+ # Validate suggestion structure before accessing keys
+ if not isinstance(suggestion, dict) or not isinstance(suggestion.get("relevant_file"), str):
+ get_logger().warning("Skipping malformed suggestion: missing or invalid 'relevant_file'")
+ continue
+ # Sanitize file path to prevent directory traversal
+ try:
+ target_path = (repo_root / suggestion["relevant_file"]).resolve()
+ target_path.relative_to(repo_root)
+ except ValueError:
+ get_logger().warning(f"Skipping suggestion with path traversal: {suggestion['relevant_file']}")
+ continue
 description, code = self.split_suggestion(suggestion['body'])
 add_suggestion(
- pathlib.Path(self.repo_path) / suggestion["relevant_file"],
+ target_path,
 code,
 suggestion["relevant_lines_start"],
 suggestion["relevant_lines_end"],