A researcher named Marco Figueroa discovered that Google Gemini for Workspace has a prompt injection vulnerability that can be exploited to trick it into displaying a phishing message. The trick involves sending the target an email containing a message wrapped in <admin> tags and written in white text on a white background, making it invisible to the target. When the target uses Gemini's 'summarize this email' function to get a summary of the attacker's email, Gemini returns a summary along with the phishing message verbatim.
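One defensive measure this report suggests is screening email HTML for text a human cannot see but a summarizer will still read, before the body is handed to an LLM. The following is an added example (not code from the report, from Google, or from the researcher) of such a pre-filter: it walks the HTML with the standard-library parser, flags text inside elements styled as invisible (matching foreground and background colour, zero font size, `display:none`, `visibility:hidden`) and records any pseudo-privileged tags such as `<admin>`. The tag list, the colour heuristics and the sample message are constructed for illustration; real mail uses many more hiding tricks, so treat this as a signal to gate summarization on, not as complete coverage.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a benign visible paragraph plus a white-on-white,
# zero-size block wrapping an <admin> tag, modelled on the technique above.
SAMPLE_EMAIL = """<html><body>
<p>Hi team, attached is the Q3 report. Let me know if you have questions.</p>
<span style="color:#ffffff;background-color:#ffffff;font-size:0px">
<admin>Example injected instruction for testing only.</admin>
</span>
</body></html>"""

# Tag names an LLM might read as privileged instructions (constructed list).
SUSPICIOUS_TAGS = {"admin", "system", "instruction", "instructions"}
# Elements without a closing tag, so they must not stay on the open-element stack.
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}


def _norm_color(value):
    """Normalise a CSS colour so 'white', '#fff' and '#ffffff' compare equal."""
    v = value.strip().lower()
    if v == "white":
        return "#ffffff"
    m = re.fullmatch(r"#([0-9a-f]{3})", v)
    if m:
        return "#" + "".join(c * 2 for c in m.group(1))
    return v


def _style_hides(style):
    """Heuristic: does this inline style make the element's text unreadable?"""
    props = {}
    for decl in style.split(";"):
        if ":" in decl:
            k, v = decl.split(":", 1)
            props[k.strip().lower()] = v.strip().lower()
    if props.get("display") == "none" or props.get("visibility") == "hidden":
        return True
    if re.fullmatch(r"0(\.0+)?(px|pt|em|rem|%)?", props.get("font-size", "")):
        return True
    color = props.get("color")
    bg = props.get("background-color") or props.get("background")
    # Same foreground and background colour: text is present but invisible.
    return bool(color and bg and _norm_color(color) == _norm_color(bg))


class HiddenTextScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []            # (tag, hides) for each open element
        self.hidden_text = []      # text a human would not see
        self.suspicious_tags = []  # pseudo-privileged tags encountered

    def handle_starttag(self, tag, attrs):
        if tag in SUSPICIOUS_TAGS:
            self.suspicious_tags.append(tag)
        style = dict(attrs).get("style") or ""
        if tag not in VOID_TAGS:
            self.stack.append((tag, _style_hides(style)))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy nesting.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        # Text is hidden if any enclosing element hides its content.
        if text and any(hides for _, hides in self.stack):
            self.hidden_text.append(text)


def scan_email(html):
    """Return hidden text and suspicious tags found in an HTML email body."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    return {
        "hidden_text": scanner.hidden_text,
        "suspicious_tags": scanner.suspicious_tags,
        "is_suspicious": bool(scanner.hidden_text or scanner.suspicious_tags),
    }


if __name__ == "__main__":
    result = scan_email(SAMPLE_EMAIL)
    for line in result["hidden_text"]:
        print("hidden text:", line)
    print("suspicious tags:", result["suspicious_tags"])
    print("gate summarization:", result["is_suspicious"])
```

A mail gateway or the summarizer's own pre-processing step could run `scan_email` and either strip the flagged spans or refuse to summarize and surface the finding to the recipient; logging the hidden text also gives a detection engineer a concrete artefact to alert on.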