Google’s sandbox never got a chance
Antigravity’s Safe Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure that all command operations run strictly under a sandbox context, could not flag or quarantine this technique. That is because the find_my_name tool is called well before Safe Mode restrictions are evaluated.
“The agent treats it as a local tool invocation, not a shell command, so it never reaches the security boundary that Safe Mode enforces,” the researchers noted.
The problem was narrowed down to a twofold root cause. The first was “no input validation” on the Pattern parameter, which accepts arbitrary strings without checking for legitimate search pattern characters. The second was “no argument termination,” which refers to fd’s inability to distinguish between flags and search terms.
Google has already fixed the flaw internally, and Antigravity users need not do anything to stay protected. Nevertheless, the flaw’s ability to bypass Safe Mode, Pillar researchers point out, underlines that security controls focused on shell commands are insufficient. “The industry must move beyond sanitization-based controls toward execution isolation,” they said. “Every native tool parameter that reaches a shell command is a potential injection point.”
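The two root causes named above map to two separate checks in a tool wrapper. The following is an added example, not code from Antigravity, Google, or Pillar: `build_fd_argv`, `PatternRejected`, the allow-list, and the sample inputs are all assumptions made for illustration, and it narrows the argument-injection surface without providing the execution isolation the researchers call for.

```python
import re

# Assumed allow-list for a filename search pattern: word characters plus
# common glob/regex punctuation, capped in length. A real tool should
# tighten this to the syntax it actually needs to support.
_ALLOWED = re.compile(r"[\w.*?\[\]^$|()+\\ -]{1,256}")


class PatternRejected(ValueError):
    """Raised when a search pattern fails validation."""


def build_fd_argv(pattern: str, search_dir: str) -> list[str]:
    """Build an argv list for fd from an untrusted search pattern.

    Root cause 1 (no input validation): reject anything outside the
    allow-list, and reject values that look like an option.
    Root cause 2 (no argument termination): place "--" before the
    pattern so fd parses everything after it as positional arguments.
    """
    if not isinstance(pattern, str) or not _ALLOWED.fullmatch(pattern):
        raise PatternRejected("pattern contains characters outside the allow-list")
    if pattern.startswith("-"):
        raise PatternRejected("pattern must not begin with '-'")
    # Return a list, never a joined string: pass it to
    # subprocess.run(argv, shell=False) so no shell parses the value.
    return ["fd", "--", pattern, search_dir]


def is_accepted(pattern: str) -> bool:
    """Return True if the pattern would be passed through to fd."""
    try:
        build_fd_argv(pattern, "/workspace")
        return True
    except PatternRejected:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the research write-up.
    for sample in ["*.py", "report_2024", "--constructed-flag", "a;b", ""]:
        print(f"{sample!r:24} accepted={is_accepted(sample)}")
```

Either check alone stops an option-shaped value from being parsed as a flag. Keeping both means a later change to the allow-list does not silently reopen the hole.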



