Antigravity is Google’s new agentic code editor. In this article, we demonstrate how an indirect prompt injection can manipulate Gemini to invoke a malicious browser subagent in order to steal credentials and sensitive code from a user’s IDE.Google’s approach is to include a disclaimer about the existing risks, which we address later in the article.Attack at a Glance Let's consider a use case in which a user would like to integrate Oracle ERP’s new Payer AI Agents into their application, and is ...