Indirect prompt injection in a Google invitation is all you need to exploit Gemini for Workspace's agentic architecture to trigger the following outcomes:
- Toxic content generation
- Spamming
- Deleting events from the user's calendar
- Opening the windows in a victim's apartment
- Activating the boiler in a victim's apartment
- Turning the light off in a victim's apartment
- Video streaming a user via Zoom
- Exfiltrating a user's emails via the browser
- Geolocating the user via the browser