Tracebit discovered a silent attack on Gemini CLI where, through a toxic combination of prompt injection, misleading UX and missing validation, inspecting untrusted code consistently leads to execution of malicious commands - enabling silent credential theft and much more.
