Today's trending topic on HackerNews is the Google Antpromptarmor.com/resources/goog…erability that was all the rage a few days ago. https://t.co/ga6iYuskka The author simulated the attack process and successfully stole the user's sensitive information. The process is as follows: * The author hid a nearly invisible (1px) hint on a seemingly normal online tutorial website, prompting Gemini to collect credentials and code from the user's IDE (Figure 1). * When a user copies content or a URL from this guide to Antigravity, the injected instructions will be activated silently (Figure 2). Even if the user sets "Allow Gitignore Access > Off" (which is off by default), Gemini can still directly read the contents of files blocked by .gitignore using terminal commands (such as `cat .env`). This proves Gemini's bypass mechanism—it doesn't read files directly, but instead uses command-line tools to indirectly dump data. Ultimately, Gemini automatically executes the inline Python script in the prompt to URL-encode the stolen content (token + code snippet), and then constructs a malicious URL (such as https://t.co/tzCu623RzC [encoded sensitive information]), allowing attackers to easily access and record this sensitive information via URLs and other means. The article contains a detailed simulation of the attack process, which is quite interesting and worth reading. The author also provides Google's disclaimer at the end: "Antigravity warns users about data exfiltration risks during onboarding." So Google is aware of the risks but relies on the disclaimer rather than fixing the vulnerabilities.
