Indirect Prompt Injection via Notifications Hijacks Google Gemini on Android
DEV.to AI · June 4, 2026
A SafeBreach researcher demonstrated an indirect prompt injection vulnerability in Google Gemini on Android that, via notifications, allowed the assistant to execute real device actions without the user's awareness. Google has patched the issue, but the research exposes a large attack surface in which any app capable of pushing a notification becomes a potential injection vector.