Security researchers at Pillar Security discovered a prompt injection vulnerability in Google's Antigravity IDE that could be exploited to achieve remote code execution (RCE). The flaw resided in the 'find_my_name' tool, which uses the 'fd' command-line utility for file searches. By injecting strings starting with '-' into the Pattern parameter, attackers could trick fd into executing arbitrary binaries instead of just searching files. Critically, this attack bypassed Antigravity's most restrictive protection, Secure Mode, because the tool is invoked before sandbox restrictions are evaluated. The attack could also be triggered via indirect prompt injection through malicious comments in public repository files. Google fixed the issue internally after it was reported in January and awarded a bug bounty. Researchers warn the industry must move toward execution isolation rather than relying solely on input sanitization.
Sort: