AgentReadyHomeAgent ListingPricing

← Google Antigravity

Google Antigravity — agentic threat model

8.3AIVSS 8.3 · High

Google Antigravity presents a high-risk profile due to its autonomous execution capabilities across local terminals, editors, and browsers, which could be exploited via prompt injection to execute arbitrary code on developer machines.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 9.3AARS uplift 0.47Factor sum 6.4/10Threat ×1.05Mitigation ×0.85
Autonomy of Action
0.85
Goal-Driven Planning
0.90
Self-Modification
0.30
Dynamic Tool Use
0.95
Persistent Memory
0.50
Contextual Awareness
0.80
Dynamic Identity
0.20
Multi-Agent Interactions
0.80
Non-Determinism
0.70
Opacity & Reflexivity
0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Utilizes Gemini 3 Pro and other leading models. Highly vulnerable to indirect prompt injection where malicious code in a repository manipulates the model into generating backdoored code or executing harmful terminal commands.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The mechanism for indexing local codebases, managing embeddings, or handling RAG is not detailed, leaving potential gaps in data provenance and local codebase exfiltration risks.

L3 · Agent Frameworks✓ mapped

Features autonomous coding agents that plan, code, test, and debug. The primary threat is tool misuse, specifically the agent being tricked into executing destructive or unauthorized commands via the integrated terminal.

L4 · Deployment & Infrastructure✓ mapped

Runs locally on Windows, macOS, and Linux. Without explicit sandboxing mentioned, a compromise of the agent's terminal or browser tool translates directly to local host compromise and potential lateral movement in the developer's network.

L5 · Evaluation & Observability✓ mapped

Includes an 'Artifacts' system to surface plans, patches, logs, and screenshots. While this aids observability, sophisticated prompt injections could attempt to game or bypass these logs to hide malicious activities.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — No enterprise-grade access controls, compliance certifications, or policy enforcement mechanisms are detailed for this preview version.

L7 · Agent Ecosystem✓ mapped

Orchestrates multiple agents in parallel workspaces via the Agent Manager. This introduces risks of agent-to-agent trust abuse, where a compromised sub-agent passes malicious instructions or code patches to a peer agent.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.